TITLE: Systems and methods for secure transaction management and electronic rights
protection

Brief Summary Text (52):

VDE allows electronic arrangements to be created involving two or more parties. 
These agreements can themselves comprise a collection of agreements between 
participants in a commercial value chain and/or a data security chain model for 
handling, auditing, reporting, and payment. It can provide efficient, reusable, 
modifiable, and consistent means for secure electronic content: distribution, usage 
control, usage payment, usage auditing, and usage reporting. Content may, for 
example, include: financial information such as electronic currency and credit; 
commercially distributed electronic information such as reference databases, 
movies, games, and advertising; and electronic properties produced by persons and 
organizations, such as documents, e-mail, and proprietary database information. 

Brief Summary Text (55):

VDE offers an architecture that avoids reflecting specific distribution biases, 
administrative and control perspectives, and content types. Instead, VDE provides a 
broad-spectrum, fundamentally configurable and portable, electronic transaction 
control, distributing, usage, auditing, reporting, and payment operating 
environment. VDE is not limited to being an application or application specific 
toolset that covers only a limited subset of electronic interaction activities and 
participants. Rather, VDE supports systems by which such applications can be 
created, modified, and/or reused. As a result, the present invention answers 
pressing, unsolved needs by offering a system that supports a standardized control 
environment which facilitates interoperability of electronic appliances, 
interoperability of content containers, and efficient creation of electronic 
commerce applications and models through the use of a programmable, secure 
electronic transactions management foundation and reusable and extensible 
executable components. VDE can support a single electronic "world" within which 
most forms of electronic transaction activities can be managed. 

Brief Summary Text (58):

VDE provides a secure, distributed electronic transaction management system for 
controlling the distribution and/or other usage of electronically provided and/or 
stored information. VDE controls auditing and reporting of electronic content 
and/or appliance usage. Users of VDE may include content creators who apply content 
usage, usage reporting, and/or usage payment related control information to 
electronic content and/or appliances for users such as end-user organizations, 
individuals, and content and/or appliance distributors. VDE also securely supports 
the payment of money owed (including money owed for content and/or appliance usage) 
by one or more parties to one or more other parties, in the form of electronic 
credit and/or currency. 

Brief Summary Text (69): 

VDE, for example, can employ: (1) Secure metering means for budgeting and/or 
auditing electronic content and/or appliance usage; (2) Secure flexible means for 
enabling compensation and/or billing rates for content and/or appliance usage, 
including electronic credit and/or currency mechanisms for payment means; (3)
Secure distributed database means for storing control and usage related information 
(and employing validated compartmentalization and tagging schemes); (4) Secure 
electronic appliance control means; (5) A distributed, secure, "virtual black box" 
comprised of nodes located at every user (including VDE content container creators, 
other content providers, client users, and recipients of secure VDE content usage 
information) site. The nodes of said virtual black box normally include a secure 
subsystem having at least one secure hardware element (a semiconductor element or 
other hardware module for securely executing VDE control processes), said secure
subsystems being distributed at nodes along a pathway of information storage, 
distribution, payment, usage, and/or auditing. In some embodiments, the functions 
of said hardware element, for certain or all nodes, may be performed by software, 
for example, in host processing environments of electronic appliances; (6) 
Encryption and decryption means; (7) Secure communications means employing 
authentication, digital signaturing, and encrypted transmissions. The secure 
subsystems at said user nodes utilize a protocol that establishes and authenticates 
each node's and/or participant's identity, and establishes one or more secure
host-to-host encryption keys for communications between the secure subsystems; and (8)
Secure control means that can allow each VDE installation to perform VDE content 
authoring (placing content into VDE containers with associated control 
information), content distribution, and content usage; as well as clearinghouse and 
other administrative and analysis activities employing content usage information. 

Brief Summary Text (70):

VDE may be used to migrate most non-electronic, traditional information delivery 
models (including entertainment, reference materials, catalog shopping, etc.) into 
an adequately secure digital distribution and usage management and payment context. 
The distribution and financial pathways managed by a VDE arrangement may include: 
content creator(s), distributor(s), redistributor(s), client administrator(s),
client user(s), financial and/or other clearinghouse(s), and/or government
agencies.

Brief Summary Text (73):

Secure VDE hardware (also known as SPUs for Secure Processing Units), or VDE 
installations that use software to substitute for, or complement, said hardware 
(provided by Host Processing Environments (HPEs)), operate in conjunction with 
secure communications, systems integration software, and distributed software 
control information and support structures, to achieve the electronic 
contract/rights protection environment of the present invention. Together, these
VDE components comprise a secure, virtual, distributed content and/or appliance 
control, auditing (and other administration), reporting, and payment environment. 
In some embodiments and where commercially acceptable, certain VDE participants, 
such as clearinghouses that normally maintain sufficiently physically secure
non-VDE processing environments, may be allowed to employ HPEs rather than VDE hardware
elements and interoperate, for example, with VDE end-users and content providers. 
VDE components together comprise a configurable, consistent, secure and "trusted" 
architecture for distributed, asynchronous control of electronic content and/or 
appliance usage. VDE supports a "universe wide" environment for electronic content 
delivery, broad dissemination, usage reporting, and usage related payment 
activities.

Brief Summary Text (74): 

VDE provides generalized configurability. This results, in part, from decomposition 
of generalized requirements for supporting electronic commerce and data security 
into a broad range of constituent "atomic" and higher level components (such as 
load modules, data elements, and methods) that may be variously aggregated together 
to form control methods for electronic commerce applications, commercial electronic 
agreements, and data security arrangements. VDE provides a secure operating 
environment employing VDE foundation elements along with secure independently 
deliverable VDE components that enable electronic commerce models and relationships 
to develop. VDE specifically supports the unfolding of distribution models in which
content providers, over time, can expressly agree to, or allow, subsequent content
providers and/or users to participate in shaping the control information for, and
consequences of, use of electronic content and/or appliances. A very broad range of 
the functional attributes important for supporting simple to very complex 
electronic commerce and data security activities are supported by capabilities of 
the present invention. As a result, VDE supports most types of electronic 
information and/or appliance: usage control (including distribution), security, 
usage auditing, reporting, other administration, and payment arrangements. 

Brief Summary Text (79):

VDE allows the needs of electronic commerce participants to be served and it can 
bind such participants together in a universe wide, trusted commercial network that 
can be secure enough to support very large amounts of commerce. VDE's security and 
metering secure subsystem core will be present at all physical locations where VDE 
related content is (a) assigned usage related control information (rules and 
mediating data), and/or (b) used. This core can perform security and auditing 
functions (including metering) that operate within a "virtual black box," a 
collection of distributed, very secure VDE related hardware instances that are 
interconnected by secured information exchange (for example, telecommunication) 
processes and distributed database means. VDE further includes highly configurable 
transaction operating system technology, one or more associated libraries of load 
modules along with affiliated data, VDE related administration, data preparation, 
and analysis applications, as well as system software designed to enable VDE 
integration into host environments and applications. VDE's usage control 
information, for example, provides for property content and/or appliance related:
usage authorization, usage auditing (which may include audit reduction), usage
billing, usage payment, privacy filtering, reporting, and security related 
communication and encryption techniques. 

Brief Summary Text (83):

VDE supports trusted (sufficiently secure) electronic information distribution and 
usage control models for both commercial electronic content distribution and data 
security applications. It can be configured to meet the diverse requirements of a 
network of interrelated participants that may include content creators, content 
distributors, client administrators, end users and/or clearinghouses and/or other 
content usage information users. These parties may constitute a network of 
participants involved in simple to complex electronic content dissemination, usage 
control, usage reporting, and/or usage payment. Disseminated content may include
both originally provided and VDE generated information (such as content usage 
information) and content control information may persist through both chains (one 
or more pathways) of content and content control information handling, as well as 
the direct usage of content. The configurability provided by the present invention 
is particularly critical for supporting electronic commerce, that is, enabling
businesses to create relationships and evolve strategies that offer competitive 
value. Electronic commerce tools that are not inherently configurable and 
interoperable will ultimately fail to produce products (and services) that meet 
both basic requirements and evolving needs of most commerce applications. 

Brief Summary Text (90): 

VDEF transaction control elements reflect and enact content specific and/or more 
generalized administrative (for example, general operating system) control 
information. VDEF capabilities can generally take the form of applications
(application models) that have more or less configurability, which can be shaped by
VDE participants, through the use, for example, of VDE templates, to employ 
specific capabilities, along, for example, with capability parameter data to 
reflect the elements of one or more express electronic agreements between VDE 
participants in regards to the use of electronic content such as commercially 
distributed products. These control capabilities manage the use of, and/or auditing 
of use of, electronic content, as well as reporting information based upon content 
use, and any payment for said use. VDEF capabilities may "evolve" to reflect the
requirements of one or more successive parties who receive or otherwise contribute 
to a given set of control information. Frequently, for a VDE application for a 
given content model (such as distribution of entertainment on CD-ROM, content 
delivery from an Internet repository, or electronic catalog shopping and 
advertising, or some combination of the above) participants would be able to 
securely select from amongst available, alternative control methods and apply 
related parameter data, wherein such selection of control method and/or submission 
of data would constitute their "contribution" of control information. 
Alternatively, or in addition, certain control methods that have been expressly 
certified as securely interoperable and compatible with said application may be 
independently submitted by a participant as part of such a contribution. In the 
most general example, a generally certified load module (certified for a given VDE 
arrangement and/or content class) may be used with many or any VDE application that 
operates in nodes of said arrangement. These parties, to the extent they are
allowed, can independently and securely add, delete, and/or otherwise modify the
specification of load modules and methods, as well as add, delete or otherwise 
modify related information. 

Brief Summary Text (95): 

VDE ensures that certain prerequisites necessary for a given transaction to occur 
are met. This includes the secure execution of any required load modules and the 
availability of any required, associated data. For example, required load modules 
and data (e.g. in the form of a method) might specify that sufficient credit from 
an authorized source must be confirmed as available. It might further require
certain one or more load modules execute as processes at an appropriate time to 
ensure that such credit will be used in order to pay for user use of the content. A 
certain content provider might, for example, require metering the number of copies 
made for distribution to employees of a given software program (a portion of the 
program might be maintained in encrypted form and require the presence of a VDE 
installation to run). This would require the execution of a metering method for
copying of the property each time a copy was made for another employee. This same 
provider might also charge fees based on the total number of different properties 
licensed from them by the user and a metering history of their licensing of 
properties might be required to maintain this information. 
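
An added sketch of the prerequisite handling this paragraph describes, not code from the patent: a copy is allowed only when every required load module is installed and the credit check passes, and the meter, licensing history and credit change together or not at all. The module names, state layout and fee figures are hypothetical.

```python
import copy


class PrerequisiteError(Exception):
    """A required load module is absent or one of its checks failed."""


# Constructed figures, in cents.
FEE_PER_COPY = 250
FEE_PER_LICENSED_PROPERTY = 1000


def credit_check(state, prop):
    # Credit must be confirmed as available before anything is metered.
    if state["credit"] < FEE_PER_COPY:
        raise PrerequisiteError("insufficient confirmed credit")


def copy_meter(state, prop):
    # Meter every copy and keep the history of distinct properties licensed.
    state["copies"][prop] = state["copies"].get(prop, 0) + 1
    state["licensed"].add(prop)


def billing(state, prop):
    # Ensure the confirmed credit is actually used to pay for the copy.
    state["credit"] -= FEE_PER_COPY


# The "method": the ordered load modules a copy transaction requires.
COPY_METHOD = ("credit_check", "copy_meter", "billing")
ALL_MODULES = {"credit_check": credit_check,
               "copy_meter": copy_meter,
               "billing": billing}


def new_state(credit):
    """State a hypothetical installation keeps for one licensee."""
    return {"credit": credit, "copies": {}, "licensed": set()}


def copy_property(state, installed, prop):
    """Run the copy method; change state only if every module succeeds."""
    missing = [name for name in COPY_METHOD if name not in installed]
    if missing:
        raise PrerequisiteError("missing load modules: " + ", ".join(missing))
    staged = copy.deepcopy(state)        # work on a staged copy of the state
    for name in COPY_METHOD:
        installed[name](staged, prop)    # any failure aborts before commit
    state.clear()
    state.update(staged)                 # commit all effects together
    return state["copies"][prop]


def licensing_fee(state):
    """Fee based on the number of different properties licensed so far."""
    return FEE_PER_LICENSED_PROPERTY * len(state["licensed"])


if __name__ == "__main__":
    s = new_state(600)
    print(copy_property(s, ALL_MODULES, "prog-A"), s["credit"], licensing_fee(s))
```
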

Brief Summary Text (100): 

VDE employs a variety of capabilities that serve as a foundation for a general 
purpose, sufficiently secure distributed electronic commerce solution. VDE enables 
an electronic commerce marketplace that supports divergent, competitive business 
partnerships, agreements, and evolving overall business models. For example, VDE 
includes features that: "sufficiently" impede unauthorized and/or uncompensated use 
of electronic information and/or appliances through the use of secure 
communication, storage, and transaction management technologies. VDE supports a 
model wide, distributed security implementation which creates a single secure 
"virtual" transaction processing and information storage environment. VDE enables 
distributed VDE installations to securely store and communicate information and 
remotely control the execution processes and the character of use of electronic 
information at other VDE installations and in a wide variety of ways; support
low-cost, efficient, and effective security architectures for transaction control,
auditing, reporting, and related communications and information storage. VDE may 
employ tagging related security techniques, the time-ageing of encryption keys, the 
compartmentalization of both stored control information (including differentially
tagging such stored information to ensure against substitution and tampering) and
distributed content (to, for many content applications, employ one or more content
encryption keys that are unique to the specific VDE installation and/or user),
private key techniques such as triple DES to encrypt content, public key techniques 
such as RSA to protect communications and to provide the benefits of digital 
signature and authentication to securely bind together the nodes of a VDE 
arrangement, secure processing of important transaction management executable code,
and a combining of a small amount of highly secure, hardware protected storage
space with a much larger "exposed" mass media storage space storing secured 
(normally encrypted and tagged) control and audit information. VDE employs special 
purpose hardware distributed throughout some or all locations of a VDE 
implementation: a) said hardware controlling important elements of: content 
preparation (such as causing such content to be placed in a VDE content container 
and associating content control information with said content), content and/or 
electronic appliance usage auditing, content usage analysis, as well as content 
usage control; and b) said hardware having been designed to securely handle 
processing load module control activities, wherein said control processing 
activities may involve a sequence of required control factors; support dynamic user 
selection of information subsets of a VDE electronic information product (VDE 
controlled content). This contrasts with the constraints of having to use a few 
high level individual, pre-defined content provider information increments such as 
being required to select a whole information product or product section in order to 
acquire or otherwise use a portion of such product or section. VDE supports 
metering and usage control over a variety of increments (including "atomic" 
increments, and combinations of different increment types) that are selected ad hoc 
by a user and represent a collection of pre-identified one or more increments (such
as one or more blocks of a preidentified nature, e.g., bytes, images, logically
related blocks) that form a generally arbitrary, but logical to a user, content 
"deliverable." VDE control information (including budgeting, pricing and metering) 
can be configured so that it can specifically apply, as appropriate, to ad hoc 
selection of different, unanticipated variable user selected aggregations of 
information increments and pricing levels can be, at least in part, based on 
quantities and/or nature of mixed increment selections (for example, a certain 
quantity of certain text could mean associated images might be discounted by 15%; a 
greater quantity of text in the "mixed" increment selection might mean the images 
are discounted 20%). Such user selected aggregated information increments can
reflect the actual requirements of a user for information and is more flexible than 
being limited to a single, or a few, high level, (e.g. product, document, database 
record) predetermined increments. Such high level increments may include quantities 
of information not desired by the user and as a result be more costly than the 
subset of information needed by the user if such a subset was available. In sum, 
the present invention allows information contained in electronic information 
products to be supplied according to user specification. Tailoring to user 
specification allows the present invention to provide the greatest value to users, 
which in turn will generate the greatest amount of electronic commerce activity. 
The user, for example, would be able to define an aggregation of content derived 
from various portions of an available content product, but which, as a deliverable 
for use by the user, is an entirely unique aggregated increment. The user may, for 
example, select certain numbers of bytes of information from various portions of an 
information product, such as a reference work, and copy them to disc in unencrypted 
form and be billed based on total number of bytes plus a surcharge on the number of 
"articles" that provided the bytes. A content provider might reasonably charge less 
for such a user defined information increment since the user does not require all 
of the content from all of the articles that contained desired information. This 
process of defining a user desired information increment may involve artificial 
intelligence database search tools that contribute to the location of the most 
relevant portions of information from an information product and cause the 
automatic display to the user of information describing search criteria hits for 
user selection or the automatic extraction and delivery of such portions to the 
user. VDE further supports a wide variety of predefined increment types including: 
bytes, images, content over time for audio or video, or any other increment that 
can be identified by content provider data mapping efforts, such as: sentences, 
paragraphs, articles, database records, and byte offsets representing increments of 
logically related information. 
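
An added example, not code from the patent, of the tagging arrangement this paragraph describes: records sit in exposed storage while a small protected store keeps only a key and one version counter per record, so modification, substitution of another valid record, and replay of an older record are each detected. HMAC-SHA256, the class and field names and the sample records are assumptions; encryption of the payload is left out.

```python
import hashlib
import hmac
import struct


class TamperError(Exception):
    """A record in exposed storage failed its tag or freshness check."""


class SecureSubsystem:
    """Stand-in for the small protected store: one key plus version counters."""

    def __init__(self, key):
        self._key = key
        self._versions = {}  # (compartment, slot) -> latest version sealed

    def _tag(self, compartment, slot, version, payload):
        # Length-prefix each field so field boundaries are unambiguous, then
        # bind the tag to where the record belongs and to its version.
        fields = (compartment.encode(), slot.encode(), payload)
        msg = b"".join(struct.pack(">I", len(f)) + f for f in fields)
        msg += struct.pack(">Q", version)
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def seal(self, exposed, compartment, slot, payload):
        """Write a tagged record to exposed storage and bump its counter."""
        where = (compartment, slot)
        version = self._versions.get(where, 0) + 1
        tag = self._tag(compartment, slot, version, payload)
        exposed[where] = (version, payload, tag)
        self._versions[where] = version

    def open(self, exposed, compartment, slot):
        """Return the payload only if the record is intact, in place, current."""
        where = (compartment, slot)
        if where not in exposed:
            raise TamperError("record missing")
        version, payload, tag = exposed[where]
        expected = self._tag(compartment, slot, version, payload)
        if not hmac.compare_digest(tag, expected):
            raise TamperError("tag mismatch")
        if version != self._versions.get(where):
            raise TamperError("stale record")
        return payload


def failure(subsystem, exposed, compartment, slot):
    """Return None when the record opens cleanly, else the failure reason."""
    try:
        subsystem.open(exposed, compartment, slot)
    except TamperError as err:
        return str(err)
    return None


def demo():
    """Constructed scenario: budget records for two users."""
    sub = SecureSubsystem(b"constructed-demo-key")
    exposed = {}
    alice = ("budget", "alice")
    sub.seal(exposed, "budget", "alice", b"remaining=500")
    sub.seal(exposed, "budget", "bob", b"remaining=9000")
    results = {"clean": failure(sub, exposed, "budget", "alice")}
    saved = exposed[alice]

    # Modification: payload edited in exposed storage, old tag kept.
    exposed[alice] = (saved[0], b"remaining=99999", saved[2])
    results["modified"] = failure(sub, exposed, "budget", "alice")

    # Substitution: bob's valid record copied into alice's slot.
    exposed[alice] = exposed[("budget", "bob")]
    results["substituted"] = failure(sub, exposed, "budget", "alice")

    # Rollback: an older valid record restored after a newer one was sealed.
    sub.seal(exposed, "budget", "alice", b"remaining=120")
    exposed[alice] = saved
    results["rolled_back"] = failure(sub, exposed, "budget", "alice")
    return results


if __name__ == "__main__":
    print(demo())
```
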

Brief Summary Text (102):

Use of bitmap meters (including "regular" and "wide" bitmap meters) to record usage 
and/or purchase of information, in conjunction with other elements of the preferred
embodiment of the present invention, uniquely supports efficient maintenance of 
usage history for: (a) rental, (b) flat fee licensing or purchase, (c) licensing or 
purchase discounts based upon historical usage variables, and (d) reporting to 
users in a manner enabling users to determine whether a certain item was acquired, 
or acquired within a certain time period (without requiring the use of conventional 
database mechanisms, which are highly inefficient for these applications). Bitmap
meter methods record activities associated with electronic appliances, properties, 
objects, or portions thereof and/or administrative activities that are independent 
of specific properties, objects, etc., performed by a user and/or electronic 
appliance such that a content and/or appliance provider and/or controller of an 
administrative activity can determine whether a certain activity has occurred at 
some point, or during a certain period, in the past (for example, certain use of a
commercial electronic content product and/or appliance). Such determinations can
then be used as part of pricing and/or control strategies of a content and/or 
appliance provider, and/or controller of an administrative activity. For example, 
the content provider may choose to charge only once for access to a portion of a 
property, regardless of the number of times that portion of the property is 
accessed by a user; support "launchable" content, that is content that can be
provided by a content provider to an end-user, who can then copy or pass along the 
content to other end-user parties without requiring the direct participation of a 
content provider to register and/or otherwise initialize the content for use. This 
content goes "out of (the traditional distribution) channel" in the form of a 
"traveling object." Traveling objects are containers that securely carry at least 
some permissions information and/or methods that are required for their use (such 
methods need not be carried by traveling objects if the required methods will be 
available at, or directly available to, a destination VDE installation). Certain
travelling objects may be used at some or all VDE installations of a given VDE 
arrangement since they can make available the content control information necessary 
for content use without requiring the involvement of a commercial VDE value chain 
participant or data security administrator (e.g. a control officer or network 
administrator). As long as traveling object control information requirements are
available at the user VDE installation, secure subsystem (such as the presence of a
sufficient quantity of financial credit from an authorized credit provider), at
least some travelling object content may be used by a receiving party without the 
need to establish a connection with a remote VDE authority (until, for example, 
budgets are exhausted or a time content usage reporting interval has occurred).
Traveling objects can travel "out-of-channel," allowing, for example, a user to
give a copy of a traveling object whose content is a software program, a movie or a 
game, to a neighbor, the neighbor being able to use the traveling object if 
appropriate credit (e.g. an electronic clearinghouse account from a clearinghouse 
such as VISA or AT&T) is available. Similarly, electronic information that is 
generally available on an Internet, or a similar network, repository might be 
provided in the form of a traveling object that can be downloaded and subsequently 
copied by the initial downloader and then passed along to other parties who may 
pass the object on to additional parties; provide very flexible and extensible user
identification according to individuals, installations, by groups such as classes, 
and by function and hierarchical identification employing a hierarchy of levels of 
client identification (for example, client organization ID, client department ID, 
client network ID, client project ID, and client employee ID, or any appropriate 
subset of the above); provide a general purpose, secure, component based content
control and distribution system that functions as a foundation transaction 
operating system environment that employs executable code pieces crafted for 
transaction control and auditing. These code pieces can be reused to optimize 
efficiency in creation and operation of trusted, distributed transaction management 
arrangements. VDE supports providing such executable code in the form of "atomic" 
load modules and associated data. Many such load modules are inherently 
configurable, aggregatable, portable, and extensible and singularly, or in 
combination (along with associated data), run as control methods under the VDE 
transaction operating environment. VDE can satisfy the requirements of widely 
differing electronic commerce and data security applications by, in part, employing
this general purpose transaction management foundation to securely process VDE 
transaction related control methods. Control methods are created primarily through 
the use of one or more of said executable, reusable load module code pieces 
(normally in the form of executable object components) and associated data. The
component nature of control methods allows the present invention to efficiently 
operate as a highly configurable content control system. Under the present
invention, content control models can be iteratively and asynchronously shaped, and 
otherwise updated to accommodate the needs of VDE participants to the extent that 
such shaping and otherwise updating conforms to constraints applied by a VDE
application, if any (e.g., whether new component assemblies are accepted and, if 
so, what certification requirements exist for such component assemblies or whether 
any or certain participants may shape any or certain control information by 
selection amongst optional control information (permissions record) control
methods). This iterative (or concurrent) multiple participant process occurs as a
result of the submission and use of secure, control information components 
(executable code such as load modules and/or methods, and/or associated data).
These components may be contributed independently by secure communication between 
each control information influencing VDE participant's VDE installation and may 
require certification for use with a given application, where such certification 
was provided by a certification service manager for the VDE arrangement who ensures 
secure interoperability and/or reliability (e.g., bug control resulting from 
interaction) between appliances and submitted control methods. The transaction 
management control functions of a VDE electronic appliance transaction operating 
environment interact with non-secure transaction management operating system 
functions to properly direct transaction processes and data related to electronic 
information security, usage control, auditing, and usage reporting. VDE provides 
the capability to manage resources related to secure VDE content and/or appliance
control information execution and data storage, facilitate creation of application 
and/or system functionality under VDE and to facilitate integration into electronic 
appliance environments of load modules and methods created under the present 
invention. To achieve this, VDE employs an Application Programmer's Interface (API) 
and/or a transaction operating system (such as a ROS) programming language with 
incorporated functions, both of which support the use of capabilities and can be 
used to efficiently and tightly integrate VDE functionality into commercial and 
user applications; support user interaction through: (a) "Pop-Up" applications
which, for example, provide messages to users and enable users to take specific 
actions such as approving a transaction, (b) stand-alone VDE applications that 
provide administrative environments for user activities such as: end-user 
preference specifications for limiting the price per transaction, unit of time, 
and/or session, for accessing history information concerning previous transactions, 
for reviewing financial information such as budgets, expenditures (e.g. detailed 
and/or summary) and usage analysis information, and (c) VDE aware applications 
which, as a result of the use of a VDE API and/or a transaction management (for 
example, ROS based) programming language embeds VDE "awareness" into commercial or 
internal software (application programs, games, etc.) so that VDE user control 
information and services are seamlessly integrated into such software and can be 
directly accessed by a user since the underlying functionality has been integrated 
into the commercial software's native design. For example, in a VDE aware word 
processor application, a user may be able to "print" a document into a VDE content 
container object, applying specific control information by selecting from amongst a 
series of different menu templates for different purposes (for example, a 
confidential memo template for internal organization purposes may restrict the 
ability to "keep," that is to make an electronic copy of the memo); employ
"templates" to ease the process of configuring capabilities of the present 
invention as they relate to specific industries or businesses. Templates are 
applications or application add-ons under the present invention. Templates support 
the efficient specification and/or manipulation of criteria related to specific 
content types, distribution approaches, pricing mechanisms, user interactions with 
content and/or administrative activities, and/or the like. Given the very large 
range of capabilities and configurations supported by the present invention,
reducing the range of configuration opportunities to a manageable subset 
particularly appropriate for a given business model allows the full configurable 
power of the present invention to be easily employed by "typical" users who would 
be otherwise burdened with complex programming and/or configuration design 
responsibilities. Template applications can also help ensure that VDE related
processes are secure and optimally bug free by reducing the risks associated with 
the contribution of independently developed load modules, including unpredictable 
aspects of code interaction between independent modules and applications, as well 
as security risks associated with possible presence of viruses in such modules. 
VDE, through the use of templates, reduces typical user configuration 
responsibilities to an appropriately focused set of activities including selection 
of method types (e.g. functionality) through menu choices such as multiple choice, 
icon selection, and/or prompting for method parameter data (such as identification 
information, prices, budget limits, dates, periods of time, access rights to 
specific content, etc.) that supply appropriate and/or necessary data for control 
information purposes. Limiting the typical (non-programming) user to a limited
subset of configuration activities whose general configuration environment
(template) has been preset to reflect general requirements corresponding to that
user, or to a content or other business model, can very substantially limit
difficulties associated with content containerization (including placing initial 
control information on content), distribution, client administration, electronic 
agreement implementation, end-user interaction, and clearinghouse activities, 
including associated interoperability problems (such as conflicts resulting from 
security, operating system, and/or certification incompatibilities). Use of
appropriate VDE templates can assure users that their activities related to content 
VDE containerization, contribution of other control information, communications, 
encryption techniques and/or keys, etc. will be in compliance with specifications 
for their distributed VDE arrangement. VDE templates constitute preset 
configurations that can normally be reconfigurable to allow for new and/or modified
templates that reflect adaptation into new industries as they evolve or to reflect 
the evolution or other change of an existing industry. For example, the template 
concept may be used to provide individual, overall frameworks for organizations and 
individuals that create, modify, market, distribute, consume, and/or otherwise use 
movies, audio recordings and live performances, magazines, telephony based retail 
sales, catalogs, computer software, information data bases, multimedia, commercial 
communications, advertisements, market surveys, infomercials, games, CAD/CAM
services for numerically controlled machines, and the like. As the context 
surrounding these templates changes or evolves, template applications provided 
under the present invention may be modified to meet these changes for broad use, or 
for more focused activities. A given VDE participant may have a plurality of 
templates available for different tasks. A party that places content in its initial 
VDE container may have a variety of different, configurable templates depending on 
the type of content and/or business model related to the content. An end-user may 
have different configurable templates that can be applied to different document 
types (e-mail, secure internal documents, database records, etc.) and/or subsets of 
users (applying differing general sets of control information to different bodies 
of users, for example, selecting a list of users who may, under certain preset 
criteria, use a certain document). Of course, templates may, under certain
circumstances, have fixed control information and not provide for user selections or
parameter data entry.

support plural, different control models regulating the use
and/or auditing of either the same specific copy of electronic information content 
and/or differently regulating different copies (occurrences) of the same electronic 
information content. Differing models for billing, auditing, and security can be 
applied to the same piece of electronic information content and such differing sets 
of control information may employ, for control purposes, the same, or differing, 
granularities of electronic information control increments. This includes 
supporting variable control information for budgeting and auditing usage as applied 
to a variety of predefined increments of electronic information, including 
employing a variety of different budgets and/or metering increments for a given
electronic information deliverable for: billing units of measure, credit limit,
security budget limit and security content metering increments, and/or market 
surveying and customer profiling content metering increments. For example, a CD-ROM 
disk with a database of scientific articles might be in part billed according to a 
formula based on the number of bytes decrypted, number of articles containing said 
bytes decrypted, while a security budget might limit the use of said database to no 
more than 5% of the database per month for users on the wide area network it is 
installed on.

provide mechanisms to persistently maintain trusted content usage and
reporting control information through both a sufficiently secure chain of handling 
of content and content control information and through various forms of usage of 
such content wherein said persistence of control may survive such use. Persistence 
of control includes the ability to extract information from a VDE container object 
by creating a new container whose contents are at least in part secured and that 
contains both the extracted content and at least a portion of the control 
information which control information of the original container and/or are at least 
in part produced by control information of the original container for this purpose 
and/or VDE installation control information stipulates should persist and/or 
control usage of content in the newly formed container. Such control information 
can continue to manage usage of container content if the container is "embedded" 
into another VDE managed object, such as an object which contains plural embedded 
VDE containers, each of which contains content derived (extracted) from a different 
source.

enables users, other value chain participants (such as clearinghouses and
government agencies), and/or user organizations, to specify preferences or 
requirements related to their use of electronic content and/or appliances. Content 
users, such as end-user customers using commercially distributed content (games, 
information resources, software programs, etc.), can define, if allowed by senior 
control information, budgets, and/or other control information, to manage their own 
internal use of content. Uses include, for example, a user setting a limit on the 
price for electronic documents that the user is willing to pay without prior 
express user authorization, and the user establishing the character of metering 
information he or she is willing to allow to be collected (privacy protection).
This includes providing the means for content users to protect the privacy of 
information derived from their use of a VDE installation and content and/or 
appliance usage auditing. In particular, VDE can prevent information related to a 
participant's usage of electronic content from being provided to other parties 
without the participant's tacit or explicit agreement.

provide mechanisms that
allow control information to "evolve" and be modified according, at least in part, 
to independently, securely delivered 

Brief Summary Text (103) : 

further control information. Said control information may include executable code 
(e.g., load modules) that has been certified as acceptable (e.g., reliable and 
trusted) for use with a specific VDE application, class of applications, and/or a 
VDE distributed arrangement. This modification (evolution) of control information 
can occur upon content control information (load modules and any associated data) 
circulating to one or more VDE participants in a pathway of handling of control 
information, or it may occur upon control information being received from a VDE 
participant. Handlers in a pathway of handling of content control information, to 
the extent each is authorized, can establish, modify, and/or contribute to, 
permission, auditing, payment, and reporting control information related to 
controlling, analyzing, paying for, and/or reporting usage of, electronic content 
and/or appliances (for example, as related to usage of VDE controlled property 
content). Independently delivered (from an independent source which is independent
except in regards to certification), at least in part secure, control information
can be employed to securely modify content control information when content control 
information has flowed from one party to another party in a sequence of VDE content 
control information handling. This modification employs, for example, one or more 
VDE component assemblies being securely processed in a VDE secure subsystem. In an 
alternate embodiment, control information may be modified by a senior party through 
use of their VDE installation secure sub-system after receiving submitted, at least
in part secured, control information from a "junior" party, normally in the form of
a VDE administrative object. Control information passing along VDE pathways can 
represent a mixed control set, in that it may include: control information that 
persisted through a sequence of control information handlers, other control 
information that was allowed to be modified, and further control information 
representing new control information and/or mediating data. Such a control set 
represents an evolution of control information for disseminated content. In this 
example the overall content control set for a VDE content container is "evolving" 
as it securely (e.g. communicated in encrypted form and using authentication and 
digital signaturing techniques) passes, at least in part, to a new participant's 
VDE installation where the proposed control information is securely received and 
handled. The received control information may be integrated (through use of the 
receiving parties' VDE installation secure sub-system) with in-place control 
information through a negotiation process involving both control information sets. 
For example, the modification, within the secure sub-system of a content provider's 
VDE installation, of content control information for a certain VDE content 
container may have occurred as a result of the incorporation of required control 
information provided by a financial credit provider. Said credit provider may have 
employed their VDE installation to prepare and securely communicate (directly or 
indirectly) said required control information to said content provider. 
Incorporating said required control information enables a content provider to allow 
the credit provider's credit to be employed by a content end-user to compensate for 
the end-user's use of VDE controlled content and/or appliances, so long as said 
end-user has a credit account with said financial credit provider and said credit 
account has sufficient credit available. Similarly, control information requiring 
the payment of taxes and/or the provision of revenue information resulting from 
electronic commerce activities may be securely received by a content provider. This 
control information may be received, for example, from a government agency. Content 
providers might be required by law to incorporate such control information into the 
control information for commercially distributed content and/or services related to 
appliance usage. Proposed control information is used to an extent allowed by 
senior control information and as determined by any negotiation trade-offs that 
satisfy priorities stipulated by each set (the received set and the proposed set).
VDE also accommodates different control schemes specifically applying to different
participants (e.g., individual participants and/or participant classes (types)) in a
network of VDE content handling participants.

support multiple simultaneous control
models for the same content property and/or property portion. This allows, for 
example, for concurrent business activities which are dependent on electronic 
commercial product content distribution, such as acquiring detailed market survey 
information and/or supporting advertising, both of which can increase revenue and 
result in lower content costs to users and greater value to content providers. Such 
control information and/or overall control models may be applied, as determined or 
allowed by control information, in differing manners to different participants in a 
pathway of content, reporting, payment, and/or related control information 
handling. VDE supports applying different content control information to the same 
and/or different content and/or appliance usage related activities, and/or to 
different parties in a content and/or appliance usage model, such that different 
parties (or classes of VDE users, for example) are subject to differing control 
information managing their use of electronic information content. For example, 
differing control models based on the category of a user as a distributor of a VDE 
controlled content object or an end-user of such content may result in different 
budgets being applied. Alternatively, for example, one distributor may have the
right to distribute a different array of properties than another distributor (from
a common content collection provided, for example, on optical disc). An individual,
and/or a class or other grouping of end-users, may have different costs (for 
example, a student, senior citizen, and/or poor citizen user of content who may be 
provided with the same or differing discounts) than a "typical" content user.

support provider revenue information resulting from customer use of content and/or
appliances, and/or provider and/or end-user payment of taxes, through the transfer
of credit and/or electronic currency from said end-user and/or provider to a
government agency, might occur "automatically" as a result of such received control
information causing the generation of a VDE content container whose content 
includes customer content usage information reflecting secure, trusted revenue 
summary information and/or detailed user transaction listings (level of detail 
might depend, for example on type or size of transaction — information regarding a 
bank interest payment to a customer or a transfer of a large (e.g. over $10,000) 
might be, by law, automatically reported to the government). Such summary and/or
detailed information related to taxable events and/or currency, and/or creditor 
currency transfer, may be passed along a pathway of reporting and/or payment to the 
government in a VDE container. Such a container may also be used for other VDE 
related content usage reporting information.

support the flowing of content control
information through different "branches" of content control information handling so 
as to accommodate, under the present invention's preferred embodiment, diverse 
controlled distributions of VDE controlled content. This allows different parties 
to employ the same initial electronic content with differing (perhaps competitive) 
control strategies. In this instance, a party who first placed control information 
on content can make certain control assumptions and these assumptions would evolve 
into more specific and/or extensive control assumptions. These control assumptions 
can evolve during the branching sequence upon content model participants submitting 
control information changes, for example, for use in "negotiating" with "in place" 
content control information. This can result in new or modified content control 
information and/or it might involve the selection of certain one or more already 
"in-place" content usage control methods over in-place alternative methods, as well 
as the submission of relevant control information parameter data. This form of 
evolution of different control information sets applied to different copies of the 
same electronic property content and/or appliance results from VDE control 
information flowing "down" through different branches in an overall pathway of 
handling and control and being modified differently as it diverges down these 
different pathway branches. This ability of the present invention to support 
multiple pathway branches for the flow of both VDE content control information and 
VDE managed content enables an electronic commerce marketplace which supports 
diverging, competitive business partnerships, agreements, and evolving overall 
business models which can employ the same content properties combined, for example, 
in differing collections of content representing differing at least in part 
competitive products.

enable a user to securely extract, through the use of the
secure subsystem at the user's VDE installation, at least a portion of the content 
included within a VDE content container to produce a new, secure object (content 
container), such that the extracted information is maintained in a continually 
secure manner through the extraction process. Formation of the new VDE container 
containing such extracted content shall result in control information consistent 
with, or specified by, the source VDE content container, and/or local VDE 
installation secure subsystem as appropriate, content control information. Relevant 
control information, such as security and administrative information, derived, at
least in part, from the parent (source) object's control information, will normally 
be automatically inserted into a new VDE content container object containing 
extracted VDE content. This process typically occurs under the control framework of 
a parent object and/or VDE installation control information executing at the user's
VDE installation secure subsystem (with, for example, at least a portion of this
inserted control information being stored securely in encrypted form in one or more
permissions records). In an alternative embodiment, the derived content control
information applied to extracted content may be in part or whole derived from, or 
employ, content control information stored remotely from the VDE installation that 
performed the secure extraction such as at a remote server location. As with the 
content control information for most VDE managed content, features of the present 
invention allow the content's control information to: (a) "evolve," for example,
the extractor of content may add new control methods and/or modify control 
parameter data, such as VDE application compliant methods, to the extent allowed by 
the content's in-place control information. Such new control information might 
specify, for example, who may use at least a portion of the new object, and/or how 
said at least a portion of said extracted content may be used (e.g. when at least a
portion may be used, or what portion or quantity of portions may be used); (b)
allow a user to combine additional content with at least a portion of said 
extracted content, such as material authored by the extractor and/or content (for 
example, images, video, audio, and/or text) extracted from one or more other VDE 
container objects for placement directly into the new container; (c) allow a user 
to securely edit at least a portion of said content while maintaining said content 
in a secure form within said VDE content container; (d) append extracted content to 
a pre-existing VDE content container object and attach associated control 
information — in these cases, user added information may be secured, e.g., 
encrypted, in part or as a whole, and may be subject to usage and/or auditing 
control information that differs from those applied to previously in place
object content; (e) preserve VDE control over one or more portions of extracted 
content after various forms of usage of said portions, for example, maintain 
content in securely stored form while allowing "temporary" on screen display of 
content or allowing a software program to be maintained in secure form but 
transiently decrypt any encrypted executing portion of said program (all, or only a 
portion, of said program may be encrypted to secure the program).
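
A minimal Python model of the control-set evolution and secure extraction described above, added here as an illustration and not taken from the patent. The `Control` and `Container` classes, the `modifiable` and `persist` flags, the participant names and the sample rules are all assumptions; content bytes are stand-ins and no encryption is performed.

```python
from dataclasses import dataclass, field, replace


# Hypothetical model: each rule records who contributed it, whether parties
# further down the pathway may change it, and whether it must follow content
# that is extracted into a new container.
@dataclass(frozen=True)
class Control:
    name: str
    value: object
    owner: str = ""
    modifiable: bool = False
    persist: bool = True


@dataclass
class Container:
    content: dict                                  # portion id -> protected bytes
    controls: dict = field(default_factory=dict)   # rule name -> Control
    history: list = field(default_factory=list)    # (actor, subject, outcome)


def negotiate(box, proposer, proposed):
    """Merge proposed rules into the in-place set, as far as senior rules allow.

    Returns {rule name: "new" | "modified" | "rejected"}.
    """
    outcome = {}
    for rule in proposed:
        rule = replace(rule, owner=proposer)
        in_place = box.controls.get(rule.name)
        if in_place is None:
            # New control information contributed by this handler.
            box.controls[rule.name] = rule
            outcome[rule.name] = "new"
        elif in_place.modifiable:
            # The value may change, but a junior party cannot weaken persistence.
            keep = in_place.persist or rule.persist
            box.controls[rule.name] = replace(rule, persist=keep)
            outcome[rule.name] = "modified"
        else:
            # Senior control information persists unchanged.
            outcome[rule.name] = "rejected"
        box.history.append((proposer, rule.name, outcome[rule.name]))
    return outcome


def extract(source, portion_ids, extractor, added=()):
    """Build a new container holding the chosen portions.

    Rules marked persist are inherited from the source before the extractor's
    own rules are negotiated against them.
    """
    missing = [p for p in portion_ids if p not in source.content]
    if missing:
        raise KeyError(f"portions not in source container: {missing}")
    child = Container(
        content={p: source.content[p] for p in portion_ids},
        controls={n: c for n, c in source.controls.items() if c.persist},
    )
    child.history.append((extractor, ",".join(sorted(portion_ids)), "extracted"))
    negotiate(child, extractor, added)
    return child


def run_pathway():
    """Constructed scenario: provider, credit provider, distributor, end user."""
    box = Container(content={"ch1": b"<ciphertext 1>", "ch2": b"<ciphertext 2>"})
    negotiate(box, "provider", [
        Control("allow_copy", False, modifiable=False, persist=True),
        Control("price_per_use", 2.00, modifiable=True, persist=True),
        Control("promo_banner", "spring", modifiable=True, persist=False),
    ])
    # Required control information supplied by a financial credit provider.
    negotiate(box, "credit_provider", [Control("payment", "credit-account")])
    # The distributor reprices (allowed) and tries to permit copying (refused).
    dist = negotiate(box, "distributor", [
        Control("price_per_use", 2.50, modifiable=True, persist=False),
        Control("allow_copy", True),
    ])
    # The end user extracts one portion, adds a reader list, and tries to
    # replace the payment rule.
    child = extract(box, ["ch2"], "end_user", [
        Control("readers", ("alice", "bob"), modifiable=True),
        Control("payment", "none"),
    ])
    return box, dist, child


if __name__ == "__main__":
    box, dist, child = run_pathway()
    print(dist)
    for entry in child.history:
        print(entry)
```

The `history` list gives the mixed control set its audit trail: for each rule it shows which handler proposed it and whether it arrived as new, modified or rejected.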

Brief Summary Text (104): 

Generally, the extraction features of the present invention allow users to 
aggregate and/or disseminate and/or otherwise use protected electronic content 
information extracted from content container sources while maintaining secure VDE 
capabilities thus preserving the rights of providers in said content information 
after various content usage processes.

support the aggregation of portions of VDE
controlled content, such portions being subject to differing VDE content container 
control information, wherein various of said portions may have been provided by 
independent, different content providers from one or more different locations 
remote to the user performing the aggregation. Such aggregation, in the preferred 
embodiment of the present invention, may involve preserving at least a portion of 
the control information (e.g., executable code such as load modules) for each of 
various of said portions by, for example, embedding some or all of such portions 
individually as VDE content container objects within an overall VDE content 
container and/or embedding some or all of such portions directly into a VDE content 
container. In the latter case, content control information of said content 
container may apply differing control information sets to various of such portions 
based upon said portions' original control information requirements before
aggregation. Each of such embedded VDE content containers may have its own control
information in the form of one or more permissions records. Alternatively, a 
negotiation between control information associated with various aggregated portions 
of electronic content, may produce a control information set that would govern some 
or all of the aggregated content portions. The VDE content control information 
produced by the negotiation may be uniform (such as having the same load modules
and/or component assemblies), and/or it may apply differing such content control
information to two or more portions that constitute an aggregation of VDE 
controlled content such as differing metering, budgeting, billing and/or payment 
models. For example, content usage payment may be automatically made, either 
through a clearinghouse, or directly, to different content providers for different 
portions.

enable flexible metering of, or other collection of information related
to, use of electronic content and/or electronic appliances. A feature of the 
present invention enables such flexibility of metering control mechanisms to 
accommodate a simultaneous, broad array of: (a) different parameters related to 
electronic information content use; (b) different increment units (bytes, 
documents, properties, paragraphs, images, etc.) and/or other organizations of such 
electronic content; and/or (c) different categories of user and/or VDE installation 
types, such as client organizations, departments, projects, networks, and/or 
individual users, etc. This feature of the present invention can be employed for 
content security, usage analysis (for example, market surveying), and/or 
compensation based upon the use and/or exposure to VDE managed content. Such 
metering is a flexible basis for ensuring payment for content royalties, licensing, 
purchasing, and/or advertising. A feature of the present invention provides for
payment means supporting flexible electronic currency and credit mechanisms,
including the ability to securely maintain audit trails reflecting information 
related to use of such currency or credit. VDE supports multiple differing 
hierarchies of client organization control information wherein an organization 
client administrator distributes control information specifying the usage rights of 
departments, users, and/or projects. Likewise, a department (division) network 
manager can function as a distributor (budgets, access rights, etc.) for department 
networks, projects, and/or users, etc.

provide scalable, integratable, standardized
control means for use on electronic appliances ranging from inexpensive consumer 
(for example, television set-top appliances) and professional devices (and
hand-held PDAs) to servers, mainframes, communication switches, etc. The scalable
transaction management/auditing technology of the present invention will result in
more efficient and reliable interoperability amongst devices functioning in 
electronic commerce and/or data security environments. As standardized physical 
containers have become essential to the shipping of physical goods around 
the world, allowing these physical containers to universally "fit" unloading
equipment, efficiently use truck and train space, and accommodate known arrays of 
objects (for example, boxes) in an efficient manner, so VDE electronic content 
containers may, as provided by the present invention, be able to efficiently move 
electronic information content (such as commercially published properties, 
electronic currency and credit, and content audit information), and associated 
content control information, around the world. Interoperability is fundamental to
efficient electronic commerce. The design of the VDE foundation, VDE load modules, 
and VDE containers, are important features that enable the VDE node operating 
environment to be compatible with a very broad range of electronic appliances. The 
ability, for example, for control methods based on load modules to execute in very 
"small" and inexpensive secure sub-system environments, such as environments with 
very little read/write memory, while also being able to execute in large memory 
sub-systems that may be used in more expensive electronic appliances, supports 
consistency across many machines. This consistent VDE operating environment, 
including its control structures and container architecture, enables the use of 
standardized VDE content containers across a broad range of device types and host 
operating environments. Since VDE capabilities can be seamlessly integrated as 
extensions, additions, and/or modifications to fundamental capabilities of
electronic appliances and host operating systems, VDE containers, content control 
information, and the VDE foundation will be able to work with many device types and 
these device types will be able to consistently and efficiently interpret and 
enforce VDE control information. Through this integration users can also benefit 
from a transparent interaction with many of the capabilities of VDE. VDE 
integration with software operating on a host electronic appliance supports a 
variety of capabilities that would be unavailable or less secure without such 
integration. Through integration with one or more device applications and/or device 
operating environments, many capabilities of the present invention can be presented 
as inherent capabilities of a given electronic appliance, operating system, or 
appliance application. For example, features of the present invention include: (a) 
VDE system software to in part extend and/or modify host operating systems such 
that they possess VDE capabilities, such as enabling secure transaction
processing and electronic information storage; (b) one or more application programs 
that in part represent tools associated with VDE operation; and/or (c) code to be 
integrated into application programs, wherein such code incorporates references 
into VDE system software to integrate VDE capabilities and makes such applications 
VDE aware (for example, word processors, database retrieval applications, 
spreadsheets, multimedia presentation authoring tools, film editing software, music 
editing software such as MIDI applications and the like, robotics control systems 
such as those associated with CAD/CAM environments and NCM software and the like, 
electronic mail systems, teleconferencing software, and other data authoring, 
creating, handling, and/or usage applications including combinations of the above).
These one or more features (which may also be implemented in firmware or hardware) 
may be employed in conjunction with a VDE node secure hardware processing 
capability, such as a microcontroller(s), microprocessor(s), other CPU(s) or other
digital processing logic.

employ audit reconciliation and usage pattern evaluation
processes that assess, through certain, normally network based, transaction 
processing reconciliation and threshold checking activities, whether certain 
violations of security of a VDE arrangement have occurred. These processes are 
performed remote to VDE controlled content end-user VDE locations by assessing, for 
example, purchases, and/or requests, for electronic properties by a given VDE 
installation. Applications for such reconciliation activities include assessing 
whether the quantity of remotely delivered VDE controlled content corresponds to 
the amount of financial credit and/or electronic currency employed for the use of 
such content. A trusted organization can acquire information from content providers 
concerning the cost for content provided to a given VDE installation and/or user 
and compare this cost for content with the credit and/or electronic currency 
disbursements for that installation and/or user. Inconsistencies in the amount of 
content delivered versus the amount of disbursement can prove, and/or indicate, 
depending on the circumstances, whether the local VDE installation has been, at 
least to some degree, compromised (for example, certain important system security 
functions, such as breaking encryption for at least some portion of the secure 
subsystem and/or VDE controlled content by uncovering one or more keys).
Determining whether irregular patterns (e.g. unusually high demand) of content 
usage, or requests for delivery of certain kinds of VDE controlled information 
during a certain time period by one or more VDE installations and/or users 
(including, for example, groups of related users whose aggregate pattern of usage 
is suspicious) may also be useful in determining whether security at such one or 
more installations, and/or by such one or more users, has been compromised, 
particularly when used in combination with an assessment of electronic credit 
and/or currency provided to one or more VDE users and/or installations, by some or 
all of their credit and/or currency suppliers, compared with the disbursements made 
by such users and/or installations.

support security techniques that materially
increase the time required to "break" a system's integrity. This includes using a 
collection of techniques that minimizes the damage resulting from compromising some
aspect of the security features of the present inventions.

provide a family of
authoring, administrative, reporting, payment, and billing tool user applications 
that comprise components of the present invention's trusted/secure, universe wide, 
distributed transaction control and administration system. These components support 
VDE related: object creation (including placing control information on content), 
secure object distribution and management (including distribution control 
information, financial related, and other usage analysis), client internal VDE 
activities administration and control, security management, user interfaces, 
payment disbursement, and clearinghouse related functions. These components are 
designed to support highly secure, uniform, consistent, and standardized: 
electronic commerce and/or data security pathway(s) of handling, reporting, and/or 
payment; content control and administration; and human factors (e.g. user 
interfaces).

support the operation of a plurality of clearinghouses, including, for
example, both financial and user clearinghouse activities, such as those performed 
by a client administrator in a large organization to assist in the organization's 
use of a VDE arrangement, including usage information analysis, and control of VDE 
activities by individuals and groups of employees such as specifying budgets and 
the character of usage rights available under VDE for certain groups of and/or 
individual, client personnel, subject to control information series to control 
information submitted by the client administrator. At a clearinghouse, one or more
VDE installations may operate together with a trusted distributed database
environment (which may include concurrent database processing means). A financial
clearinghouse normally receives at its location securely delivered content usage 
information, and user requests (such as requests for further credit, electronic 
currency, and/or higher credit limit). Reporting of usage information and user
requests can be used for supporting electronic currency, billing, payment and 
credit related activities, and/or for user profile analysis and/or broader market 
survey analysis and marketing (consolidated) list generation or other information 
derived, at least in part, from said usage information. This information can be
provided to content providers or other parties, through secure, authenticated
encrypted communication to the VDE installation secure subsystems. Clearinghouse
processing means would normally be connected to specialized I/O means, which may
include high speed telecommunication switching means that may be used for secure
communications between a clearinghouse and other VDE pathway participants.

securely
support electronic currency and credit usage control, storage, and communication 
at, and between, VDE installations. VDE further supports automated passing of 
electronic currency and/or credit information, including payment tokens (such as in 
the form of electronic currency or credit) or other payment information, through a 
pathway of payment, which said pathway may or may not be the same as a pathway for 
content usage information reporting. Such payment may be placed into a VDE 
container created automatically by a VDE installation in response to control 
information stipulating the "withdrawal" of credit or electronic currency from an 
electronic credit or currency account based upon an amount owed resulting from 
usage of VDE controlled electronic content and/or appliances. Payment credit or 
currency may then be automatically communicated in protected (at least in part 
encrypted) form through telecommunication of a VDE container to an appropriate 
party such as a clearinghouse, provider of original property content or appliance, 
or an agent for such provider (other than a clearinghouse). Payment information may
be packaged in said VDE content container with, or without, related content usage 
information, such as metering information. An aspect of the present invention 
further enables certain information regarding currency use to be specified as 
unavailable to certain, some, or all VDE parties ("conditionally" to fully 
anonymous currency) and/or further can regulate certain content information, such 
as currency and/or credit use related information (and/or other electronic
information usage data) to be available only under certain strict circumstances, 
such as a court order (which may itself require authorization through the use of a 
court controlled VDE installation that may be required to securely access
"conditionally" anonymous information). Currency and credit information, under the
preferred embodiment of the present invention, is treated as administrative
content.

support fingerprinting (also known as watermarking) for embedding in
content such that when content protected under the present invention is released in
clear form from a VDE object (displayed, printed, communicated, extracted, and/or
saved), information representing the identification of the user and/or VDE
installation responsible for transforming the content into clear form is embedded
into the released content. Fingerprinting is useful in providing an ability to
identify who extracted information in clear form from a VDE container, or who made a
copy of a VDE object or a portion of its contents. Since the identity of the user 
and/or other identifying information may be embedded in an obscure or generally 
concealed manner, in VDE container content and/or control information, potential 
copyright violators may be deterred from unauthorized extraction or copying. 
Fingerprinting normally is embedded into unencrypted electronic content or control 
information, though it can be embedded into encrypted content and later placed in
unencrypted content in a secure VDE installation sub-system as the encrypted 
content carrying the fingerprinting information is decrypted. Electronic 
information, such as the content of a VDE container, may be fingerprinted as it 
leaves a network (such as Internet) location bound for a receiving party. Such
repository information may be maintained in unencrypted form prior to communication 
and be encrypted as it leaves the repository. Fingerprinting would preferably take 
place as the content leaves the repository, but before the encryption step. 
Encrypted repository content can be decrypted, for example in a secure VDE sub-system,
fingerprint information can be inserted, and then the content can be re-encrypted
for transmission. Embedding identification information of the intended
recipient user and/or VDE installation into content as it leaves, for example, an 
Internet repository, would provide important information that would identify or 
assist in identifying any party that managed to compromise the security of a VDE 
installation or the delivered content. If a party produces an authorized clear form 
copy of VDE controlled content, including making unauthorized copies of an 
authorized clear form copy, fingerprint information would point back to that 
individual and/or his or her VDE 

Brief Summary Text (105) :

installation. Such hidden information will act as a strong disincentive that should
dissuade a substantial portion of potential content "pirates" from stealing other
parties' electronic information. Fingerprint information identifying a receiving party
and/or VDE installation can be embedded into a VDE object before or during
decryption, replication, or communication of VDE content objects to receivers.
Fingerprinting electronic content before it is encrypted for transfer to a customer 
or other user provides information that can be very useful for identifying who 
received certain content which may have then been distributed or made available in 
unencrypted form. This information would be useful in tracking who may have 
"broken" the security of a VDE installation and was illegally making certain 
electronic content available to others. Fingerprinting may provide additional, 
available information such as time and/or date of the release (for example 
extraction) of said content information. Locations for inserting fingerprints may 
be specified by VDE installation and/or content container control information. This 
information may specify that certain areas and/or precise locations within 
properties should be used for fingerprinting, such as one or more certain fields of 
information or information types. Fingerprinting information may be incorporated 
into a property by modifying in a normally undetectable way color frequency and/or 
the brightness of certain image pixels, by slightly modifying certain audio signals 
as to frequency, by modifying font character formation, etc. Fingerprint 
information, itself, should be encrypted so as to make it particularly difficult 
for tampered fingerprints to be interpreted as valid. Variations in fingerprint 
locations for different copies of the same property; "false" fingerprint 
information; and multiple copies of fingerprint information within a specific 
property or other contents which copies employ different fingerprinting techniques 
such as information distribution patterns, frequency and/or brightness 
manipulation, and encryption related techniques, are features of the present 
invention for increasing the difficulty of an unauthorized individual identifying 
fingerprint locations and erasing and/or modifying fingerprint information.

provide
smart object agents that can carry requests, data, and/or methods, including 
budgets, authorizations, credit or currency, and content. For example, smart 
objects may travel to and/or from remote information resource locations and fulfill 
requests for electronic information content. Smart objects can, for example, be 
transmitted to a remote location to perform a specified database search on behalf 
of a user or otherwise "intelligently" search one or more remote repositories of
information for user desired information. After identifying desired information at 
one or more remote locations, by for example, performing one or more database 
searches, a smart object may return via communication to the user in the form of a 
secure "return object" containing retrieved information. A user may be charged for 
the remote retrieving of information, the returning of information to the user's 
VDE installation, and/or the use of such information. In the latter case a user may 
be charged only for the information in the return object that the user actually 
uses. Smart objects may have the means to request use of one or more services
and/or resources. Services include locating other services and/or resources such as 
information resources, language or format translation, processing, credit (or 
additional credit) authorization, etc. Resources include reference databases, 
networks, high powered or specialized computing resources (the smart object may 
carry information to another computer to be efficiently processed and then return 
the information to the sending VDE installation), remote object repositories, etc. 
Smart objects can make efficient use of remote resources (e.g. centralized 
databases, super computers, etc.) while providing a secure means for charging users 
based on information and/or resources actually used.

support both "translations" of
VDE electronic agreements elements into modern language printed agreement elements 
(such as English language agreements) and translations of electronic rights 
protection/transaction management modern language agreement elements to electronic 
VDE agreement elements. This feature requires maintaining a library of textual 
language that corresponds to VDE load modules and/or methods and/or component 
assemblies. As VDE methods are proposed and/or employed for VDE agreements, a 
listing of textual terms and conditions can be produced by a VDE user application 
which, in a preferred embodiment, provides phrases, sentences and/or paragraphs
that have been stored and correspond to said methods and/or assemblies. This
feature preferably employs artificial intelligence capabilities to analyze and
automatically determine, and/or assist one or more users to determine, the proper
order and relationship between the library elements corresponding to the chosen
methods and/or assemblies so as to compose some or all portions of a legal or
descriptive document. One or more users, and/or preferably an attorney (if the
document is a legal, binding agreement), would review the generated document material
upon completion and employ such additional textual information and/or editing as 
necessary to describe non electronic transaction elements of the agreement and make 
any other improvements that may be necessary. These features further support 
employing modern language tools that allow one or more users to make selections 
from choices and provide answers to questions and to produce a VDE electronic 
agreement from such a process. This process can be interactive and the VDE 
agreement formulation process may employ artificial intelligence expert system 
technology that learns from responses and, where appropriate and based at least in 
part on said responses, provides further choices and/or questions which "evolves" 
the desired VDE electronic agreement.

support the use of multiple VDE secure
subsystems in a single VDE installation. Various security and/or performance 
advantages may be realized by employing a distributed VDE design within a single 
VDE installation. For example, designing a hardware based VDE secure subsystem into 
an electronic appliance VDE display device, and designing said subsystem's 
integration with said display device so that it is as close as possible to the 
point of display, will increase the security for video materials by making it 
materially more difficult to "steal" decrypted video information as it moves from 
outside to inside the video system. Ideally, for example, a VDE secure hardware 
module would be in the same physical package as the actual display monitor, such as 
within the packaging of a video monitor or other display device, and such device 
would be designed, to the extent commercially practical, to be as tamper resistant 
as reasonable. As another example, embedding a VDE hardware module into an I/O 
peripheral may have certain advantages from the standpoint of overall system 
throughput. If multiple VDE instances are employed within the same VDE 
installation, these instances will ideally share resources to the extent practical, 
such as VDE instances storing certain control information and content and/or 
appliance usage information on the same mass storage device and in the same VDE 
management database.

requiring reporting and payment compliance by employing
exhaustion of budgets and time ageing of keys. For example, a VDE commercial 
arrangement and associated content control information may involve a content 
provider's content and the use of clearinghouse credit for payment for end-user 
usage of said content. Control information regarding said arrangement may be 
delivered to a user's (of said content) VDE installation and/or said financial 
clearinghouse's VDE installation. Said control information might require said 
clearinghouse to prepare and telecommunicate to said content provider both content 
usage based information in a certain form, and content usage payment in the form of 
electronic credit (such credit might be "owned" by the provider after receipt and 
used in lieu of the availability or adequacy of electronic currency) and/or 
electronic currency. This delivery of information and payment may employ trusted 
VDE installation secure subsystems to securely, and in some embodiments, 
automatically, provide in the manner specified by said control information, said 
usage information and payment content. Features of the present invention help 
ensure that a requirement that a clearinghouse report such usage information and 
payment content will be observed. For example, if one participant to a VDE 
electronic agreement fails to observe such information reporting and/or paying 
obligation, another participant can stop the delinquent party from successfully 
participating in VDE activities related to such agreement. For example if required 
usage information and payment was not reported as specified by content control 
information, the "injured" party can fail to provide, through failing to securely 
communicate from his VDE installation secure subsystem, one or more pieces of 
secure information necessary for the continuance of one or more critical processes. 
For example, failure to report information and/or payment from a clearinghouse to a 
content provider (as well as any security failures or other disturbing
irregularities) can result in the content provider not providing key and/or budget 
refresh information to the clearinghouse, which information can be necessary to 
authorize use of the clearinghouse's credit for usage of the provider's content and 
which the clearinghouse would communicate to end-users during a content usage
reporting communication between the clearinghouse and end-user. As another example, 
a distributor that failed to make payments and/or report usage information to a 
content provider might find that their budget for creating permissions records to 
distribute the content provider's content to users, and/or a security budget 
limiting one or more other aspects of their use of the provider's content, are not
being refreshed by the content provider, once exhausted or timed-out (for example,
at a predetermined date). In these and other cases, the offended party might decide
not to refresh time ageing keys that had "aged out." Such a use of time aged keys
has a similar impact as failing to refresh budgets or time-aged authorizations.

support smart card implementations of the present invention in the form of portable
electronic appliances, including cards that can be employed as secure credit, 
banking, and/or money cards. A feature of the present invention is the use of 
portable VDEs as transaction cards at retail and other establishments, wherein such 
cards can "dock" with an establishment terminal that has a VDE secure sub-system 
and/or an online connection to a VDE secure and/or otherwise secure and compatible 
subsystem, such as a "trusted" financial clearinghouse (e.g., VISA, Mastercard). 
The VDE card and the terminal (and/or online connection) can securely exchange 
information related to a transaction, with credit and/or electronic currency being 
transferred to a merchant and/or clearinghouse and transaction information flowing 
back to the card. Such a card can be used for transaction activities of all sorts. 
A docking station, such as a PCMCIA connector on an electronic appliance, such as a 
personal computer, can receive a consumer's VDE card at home. Such a station/card 
combination can be used for on-line transactions in the same manner as a VDE 
installation that is permanently installed in such an electronic appliance. The 
card can be used as an "electronic wallet" and contain electronic currency as well 
as credit provided by a clearinghouse. The card can act as a convergence point for
financial activities of a consumer regarding many, if not all, merchant, banking, 
and on-line financial transactions, including supporting home banking activities. A 
consumer can receive his paycheck and/or investment earnings and/or "authentic" VDE 
content container secured detailed information on such receipts, through on-line 
connections. A user can send digital currency to another party with a VDE 
arrangement, including giving away such currency. A VDE card can retain details of 
transactions in a highly secure and database organized fashion so that financially 
related information is both consolidated and very easily retrieved and/or analyzed. 
Because of the VDE security, including use of effective encryption, authentication, 
digital signaturing, and secure database structures, the records contained within a 
VDE card arrangement may be accepted as valid transaction records for government 
and/or corporate recordkeeping requirements. In some embodiments of the present 
invention a VDE card may employ docking station and/or electronic appliance storage 
means and/or share other VDE arrangement means local to said appliance and/or 
available across a network, to augment the information storage capacity of the VDE 
card, by for example, storing dated, and/or archived, backup information. Taxes 
relating to some or all of an individual's financial activities may be 
automatically computed based on "authentic" information securely stored and 
available to said VDE card. Said information may be stored in said card, in said 
docking station, in an associated electronic appliance, and/or other device 
operatively attached thereto, and/or remotely, such as at a remote server site. A 
card's data, e.g. transaction history, can be backed up to an individual's personal 
computer or other electronic appliance and such an appliance may have an integrated 
VDE installation of its own. A current transaction, recent transactions (for 
redundancy), or all or other selected card data may be backed up to a remote backup
repository, such as a VDE compatible repository at a financial clearinghouse, during
each or periodic docking for a financial transaction and/or information 
communication such as a user/merchant transaction. Backing up at least the current 
transaction during a connection with another party's VDE installation (for example
a VDE installation that is also on a financial or general purpose electronic
network), by posting transaction information to a remote clearinghouse and/or bank,
can ensure that sufficient backup is conducted to enable complete reconstruction of
VDE card internal information in the event of a card failure or loss.

support
certification processes that ensure authorized interoperability between various VDE 
installations so as to prevent VDE arrangements and/or installations that 
unacceptably deviate in specification protocols from other VDE arrangements and/or 
installations from interoperating in a manner that may introduce security 
(integrity and/or confidentiality of VDE secured information), process control, 
and/or software compatibility problems. Certification validates the identity of VDE 
installations and/or their components, as well as VDE users. Certification data can 
also serve as information that contributes to determining the decommissioning or 
other change related to VDE sites.

support the separation of fundamental
transaction control processes through the use of event (triggered) based method 
control mechanisms. These event methods trigger one or more other VDE methods 
(which are available to a secure VDE sub-system) and are used to carry out VDE 
managed transaction related processing. These triggered methods include 
independently (separably) and securely processable component billing management 
methods, budgeting management methods, metering management methods, and related 
auditing management processes. As a result of this feature of the present 
invention, independent triggering of metering, auditing, billing, and budgeting 
methods, the present invention is able to efficiently, concurrently support 
multiple financial currencies (e.g. dollars, marks, yen) and content related 
budgets, and/or billing increments as well as very flexible content distribution 
models.

support complete, modular separation of the control structures related to
(1) content event triggering, (2) auditing, (3) budgeting (including specifying no
right of use or unlimited right of use), (4) billing, and (5) user identity (VDE
installation, client name, department, network, and/or user, etc.). The 
independence of these VDE control structures provides a flexible system which 
allows plural relationships between two or more of these structures, for example, 
the ability to associate a financial budget with different event trigger structures 
(that are put in place to enable controlling content based on its logical 
portions). Without such separation between these basic VDE capabilities, it would
be more difficult to efficiently maintain separate metering, budgeting, 
identification, and/or billing activities which involve the same, differing 
(including overlapping), or entirely different, portions of content for metering, 
billing, budgeting, and user identification, for example, paying fees associated 
with usage of content, performing home banking, managing advertising services, etc. 
VDE modular separation of these basic capabilities supports the programming of 
plural, "arbitrary" relationships between one or differing content portions (and/or 
portion units) and budgeting, auditing, and/or billing control information. For 
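
The fingerprinting scheme described earlier in this summary (recipient identity and release time embedded in the brightness of certain pixels, protected so that tampered marks do not validate, at locations that differ from copy to copy) can be sketched as follows. This is an added example, not code from the patent; the key derivation, the 16-byte record layout, the HMAC-derived keystream standing in for a real authenticated cipher, and all function names are assumptions.

```python
import hashlib
import hmac
import struct

FP_BYTES = 16  # assumed layout: 8-byte encrypted record + 8-byte MAC tag


def _prf(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def copy_key(master, content_id, recipient_id):
    """Derive per-copy secrets so every (content, recipient) pair differs."""
    return _prf(master, b"copy|" + content_id + b"|" + struct.pack(">I", recipient_id))


def positions(ck, n_pixels):
    """Keyed ranking of pixel indexes: fingerprint locations vary per copy."""
    if n_pixels < FP_BYTES * 8:
        raise ValueError("content too small to carry the fingerprint")
    ranked = sorted(range(n_pixels),
                    key=lambda i: _prf(ck, b"pos|" + struct.pack(">I", i)))
    return ranked[:FP_BYTES * 8]


def seal(ck, recipient_id, release_time):
    """Encrypt the record, then MAC it (one release per content/recipient)."""
    record = struct.pack(">II", recipient_id, release_time)
    stream = _prf(ck, b"stream")[:8]
    ct = bytes(a ^ b for a, b in zip(record, stream))
    return ct + _prf(ck, b"tag|" + ct)[:8]


def unseal(ck, blob):
    """Return (recipient_id, release_time), or None if the tag is invalid."""
    ct, tag = blob[:8], blob[8:]
    if not hmac.compare_digest(tag, _prf(ck, b"tag|" + ct)[:8]):
        return None
    stream = _prf(ck, b"stream")[:8]
    return struct.unpack(">II", bytes(a ^ b for a, b in zip(ct, stream)))


def embed(pixels, master, content_id, recipient_id, release_time):
    """Write the sealed record into the low brightness bit of keyed pixels."""
    ck = copy_key(master, content_id, recipient_id)
    blob = seal(ck, recipient_id, release_time)
    out = bytearray(pixels)
    for bit_no, pos in enumerate(positions(ck, len(out))):
        bit = (blob[bit_no // 8] >> (7 - bit_no % 8)) & 1
        out[pos] = (out[pos] & 0xFE) | bit
    return bytes(out)


def trace(pixels, master, content_id, candidates):
    """Try each known recipient's locations and key; report the one that validates."""
    for rid in candidates:
        ck = copy_key(master, content_id, rid)
        blob = bytearray(FP_BYTES)
        for bit_no, pos in enumerate(positions(ck, len(pixels))):
            blob[bit_no // 8] |= (pixels[pos] & 1) << (7 - bit_no % 8)
        opened = unseal(ck, bytes(blob))
        if opened is not None and opened[0] == rid:
            return opened
    return None


# Constructed sample: a 64x64 grayscale gradient and a demo master key.
SAMPLE_PIXELS = bytes((x * 7 + y * 13) % 256 for y in range(64) for x in range(64))
MASTER_KEY = b"constructed-demo-master-key"

if __name__ == "__main__":
    marked = embed(SAMPLE_PIXELS, MASTER_KEY, b"film-001", 1042, 1700000000)
    print(trace(marked, MASTER_KEY, b"film-001", [7, 1042, 9000]))
```

A single flipped bit at a fingerprint location makes the tag check fail, so a damaged mark yields no attribution rather than a wrong one.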

Brief Summary Text (116): 

Normally, most usage, audit, reporting, payment, and distribution control methods 
are themselves at least in part encrypted and are executed by the secure subsystem 
of a VDE installation. Thus, for example, billing and metering records can be 
securely generated and updated, and encryption and decryption keys are securely 
utilized, within a secure subsystem. Since VDE also employs secure (e.g. encrypted 
and authenticated) communications when passing information between the participant 
location (nodes) secure subsystems of a VDE arrangement, important components of a 
VDE electronic agreement can be reliably enforced with sufficient security 
(sufficiently trusted) for the intended commercial purposes. A VDE electronic 
agreement for a value chain can be composed, at least in part, of one or more 
subagreements between one or more subsets of the value chain participants. These 
subagreements are comprised of one or more electronic contract "compliance" 
elements (methods including associated parameter data) that ensure the protection 
of the rights of VDE participants. 
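
The reporting-compliance mechanism described in the summary above, where a provider withholds key and budget refresh information until usage has been reported, can be modelled as follows. This is an added example, not code from the patent; the message fields, the shared link key, the HMAC tagging and all class names are assumptions, and time is passed in explicitly where a real secure subsystem would rely on a trusted clock.

```python
import hashlib
import hmac
import json


def _mac(key, body):
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def _authentic(key, msg, kind):
    body = msg.get("body", {})
    return body.get("kind") == kind and hmac.compare_digest(
        msg.get("tag", ""), _mac(key, body))


class Provider:
    """Content provider: refreshes key and budget only against a valid report."""

    def __init__(self, link_key, root_key, period, budget):
        self.link_key, self.root_key = link_key, root_key
        self.period, self.budget = period, budget
        self.epoch = 0
        self.ledger = []  # (epoch, units used) taken from accepted reports

    def _grant(self, now):
        self.epoch += 1
        epoch_key = hmac.new(self.root_key, str(self.epoch).encode(),
                             hashlib.sha256).hexdigest()
        body = {"kind": "grant", "epoch": self.epoch, "budget": self.budget,
                "not_after": now + self.period,
                # In the clear for the demo; the page has it travel encrypted.
                "content_key": epoch_key}
        return {"body": body, "tag": _mac(self.link_key, body)}

    def initial_grant(self, now):
        if self.epoch:
            raise RuntimeError("initial grant already issued")
        return self._grant(now)

    def refresh(self, report, now):
        """Return a new grant, or None while the current epoch is unreported."""
        if report is None or not _authentic(self.link_key, report, "report"):
            return None
        if report["body"].get("epoch") != self.epoch:
            return None  # stale or replayed report
        self.ledger.append((self.epoch, report["body"]["used"]))
        return self._grant(now)


class SecureSubsystem:
    """Installation side: meters use and enforces key ageing and budget."""

    def __init__(self, link_key):
        self.link_key = link_key
        self.epoch = self.used = self.budget = self.not_after = 0
        self.content_key = None

    def install(self, grant):
        if not _authentic(self.link_key, grant, "grant"):
            return False
        body = grant["body"]
        if body["epoch"] <= self.epoch:
            return False  # an old grant cannot revive an aged-out key
        self.epoch, self.budget = body["epoch"], body["budget"]
        self.not_after, self.content_key = body["not_after"], body["content_key"]
        self.used = 0
        return True

    def use(self, now, cost=1):
        if self.content_key is None or now > self.not_after:
            self.content_key = None  # aged out: discard the key
            return False
        if self.used + cost > self.budget:
            return False  # budget exhausted
        self.used += cost
        return True

    def report(self):
        body = {"kind": "report", "epoch": self.epoch, "used": self.used}
        return {"body": body, "tag": _mac(self.link_key, body)}


if __name__ == "__main__":
    # Constructed keys and timings for the demonstration.
    provider = Provider(b"constructed-link-key", b"constructed-root-key", 100, 3)
    node = SecureSubsystem(b"constructed-link-key")
    node.install(provider.initial_grant(now=0))
    print([node.use(10) for _ in range(4)], node.use(150))
    node.install(provider.refresh(node.report(), now=150))
    print(node.use(160), provider.ledger)
```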

Brief Summary Text (118): 

The updating of property management files at each location of a VDE arrangement, to 
accommodate new or modified control information, is performed in the VDE secure
subsystem and under the control of secure management file updating programs 
executed by the protected subsystem. Since all secure communications are at least 
in part encrypted and the processing inside the secure subsystem is concealed from 
outside observation and interference, the present invention ensures that content 
control information can be enforced. As a result, the creator and/or distributor 
and/or client administrator and/or other contributor of secure control information 
for each property (for example, an end-user restricting the kind of audit 
information he or she will allow to be reported and/or a financial clearinghouse 
establishing certain criteria for use of its credit for payment for use of 
distributed content) can be confident that their contributed and accepted control 
information will be enforced (within the security limitations of a given VDE 
security implementation design). This control information can determine, for
example: (1) How and/or to whom electronic content can be provided, for example, 
how an electronic property can be distributed; (2) How one or more objects and/or 
properties, or portions of an object or property, can be directly used, such as 
decrypted, displayed, printed, etc; (3) How payment for usage of such content 
and/or content portions may or must be handled; and (4) How audit information about 
usage information related to at least a portion of a property should be collected, 
reported, and/or used. 

Brief Summary Text (122): 

VDE supports commercially secure "extended" value chain electronic agreements. VDE 
can be configured to support the various underlying agreements between parties that 
comprise this extended agreement. These agreements can define important electronic 
commerce considerations including: (1) security, (2) content use control, including 
electronic distribution, (3) privacy (regarding, for example, information 
concerning parties described by medical, credit, tax, personal, and/or other
forms of confidential information), (4) management of financial processes, and (5) 
pathways of handling for electronic content, content and/or appliance control 
information, electronic content and/or appliance usage information and payment 
and/or credit.

Brief Summary Text (123) : 

VDE agreements may define the electronic commerce relationship of two or more 
parties of a value chain, but such agreements may, at times, not directly obligate 
or otherwise directly involve other VDE value chain participants. For example, an 
electronic agreement between a content creator and a distributor may establish both 
the price to the distributor for a creator's content (such as for a property 
distributed in a VDE container object) and the number of copies of this object that 
this distributor may distribute to end-users over a given period of time. In a 
second agreement, a value chain end-user may be involved in a three party agreement 
in which the end-user agrees to certain requirements for using the distributed 
product such as accepting distributor charges for content use and agreeing to 
observe the copyright rights of the creator. A third agreement might exist between 
the distributor and a financial clearinghouse that allows the distributor to employ 
the clearinghouse's credit for payment for the product if the end-user has a 
separate (fourth) agreement directly with the clearinghouse extending credit to the 
end-user. A fifth, evolving agreement may develop between all value chain
participants as content control information passes along its chain of handling. 
This evolving agreement can establish the rights of all parties to content usage 
information, including, for example, the nature of information to be received by 
each party and the pathway of handling of content usage information and related 
procedures. A sixth agreement in this example, may involve all parties to the 
agreement and establishes certain general assumptions, such as security techniques 
and degree of trustedness (for example, commercial integrity of the system may 
require each VDE installation secure subsystem to electronically warrant that their 
VDE node meets certain interoperability requirements). In the above example, these
six agreements could comprise agreements of an extended agreement for this 
commercial value chain instance. 

Detailed Description Text (9) :

For example, the video production studio 204 in the upper right-hand corner of FIG. 
1 may create video/television programs. Video production studio 204 may send these 
programs over lines 202, or may use other paths such as satellite link 205 and CD 
ROM delivery service 216. Video production studio 204 can send the programs 
directly to consumers 206, 208, 210, or it can send the programs to information 
utility 200 which may store and later send them to the consumers, for example. 
Consumers 206, 208, 210 are each capable of receiving and using the programs 
created by video production studio 204 — assuming, that is, that the video 
production studio or information utility 200 has arranged for these consumers to 
have appropriate "rules and controls" (control information) that give the consumers 
rights to use the programs. 

Detailed Description Text (24): 

In this FIG. 2 example, information relating to content use is, as shown by arrow 
114, reported to a financial clearinghouse 116. Based on this "reporting," the 
financial clearinghouse 116 may generate a bill and send it to the content user 112 
over a "reports and payments" network 118. Arrow 120 shows the content user 112
providing payments for content usage to the financial clearinghouse 116. Based on 
the reports and payments it receives, the financial clearinghouse 116 may provide 
reports and/or payments to the distributor 106. The distributor 106 may, as shown 
by arrow 122, provide reports and/or payments to the content creator 102. The 
clearinghouse 116 may provide reports and payments directly to the creator 102. 
Reporting and/or payments may be done differently. For example, clearinghouse 116 
may directly or through an agent, provide reports and/or payments to each of VDE 
content creators 102, and rights distributor 106, as well as reports to content 
user 112. 

Detailed Description Text (30) : 

"Rules and controls" may self limit if and how they may be changed. Often, "rules 
and controls" specified by one VDE participant cannot be changed by another VDE 
participant. For example, a content user 112 generally can't change "rules and 
controls" specified by a distributor 106 that require the user to pay for content 
usage at a certain rate. "Rules and controls" may "persist" as they pass through a 
"chain of handling and control," and may be "inherited" as they are passed down 
from one VDE participant to the next. 

Detailed Description Text (36) : 

The virtual distribution environment 100 also allows payment and reporting means to 
be delivered separately. For example, the content user 112 may have a virtual 
"credit card" that extends credit (up to a certain limit) to pay for usage of any 
content. A "credit transaction" can take place at the user's site without requiring 
any "online" connection or further authorization. This invention can be used to 
help securely protect the virtual "credit card" against unauthorized use. 

Detailed Description Text (39) : 

The "events process" 402 detects things that happen ("events") and determines which 
of those "events" need action by the other "processes." The "events" may include, 
for example, a request to use content or generate a usage permission. Some events 
may need additional processing, and others may not. Whether an "event" needs more 
processing depends on the "rules and controls" corresponding to the content. For 
example, a user who lacks permission will not have her request satisfied ("No Go").
As another example, each user request to turn to a new page of an electronic book 
may be satisfied ("Go"), but it may not be necessary to meter, bill or budget those 
requests. A user who has purchased a copy of a novel may be permitted to open and 
read the novel as many times as she wants to without any further metering, billing 
or budgeting. In this simple example, the "event process" 402 may request metering, 
billing and/or budgeting processes the first time the user asks to open the 
protected novel (so the purchase price can be charged to the user), and treat all
later requests to open the same novel as "insignificant events." Other content (for
example, searching an electronic telephone directory) may require the user to pay a 
fee for each access. 

Detailed Description Text (40) : 

"Meter" process 404 keeps track of events, and may report usage to distributor 106 
and/or other appropriate VDE participant(s). FIG. 4 shows that process 404 can be
based on a number of different factors such as: (a) type of usage to charge for, 
(b) what kind of unit to base charges on, (c) how much to charge per unit, (d) when 
to report, and (e) how to pay. 

Detailed Description Text (56) : 

SPU 500 in this example is an integrated circuit ("IC") "chip" 504 including 
"hardware" 506 and "firmware" 508. SPU 500 connects to the rest of the electronic 
appliance through an "appliance link" 510. SPU "firmware" 508 in this example is 
"software" such as a "computer program(s)" "embedded" within chip 504. Firmware 508 
makes the hardware 506 work. Hardware 506 preferably contains a processor to 
perform instructions specified by firmware 508. "Hardware" 506 also contains
long-term and short-term memories to store information securely so it can't be tampered
with. SPU 500 may also have a protected clock/calendar used for timing events. The 
SPU hardware 506 in this example may include special purpose electronic circuits 
that are specially designed to perform certain processes (such as "encryption" and 
"decryption") rapidly and efficiently. 

Detailed Description Text (60) : 

Electronic appliance 600 in this example may include a keyboard or keypad 612, a 
voice recognizer 613, and a display 614. A human user can input commands through 
keyboard 612 and/or voice recognizer 613, and may view information on display 614. 
Appliance 600 may communicate with the outside world through any of the 
connections/devices normally used within an electronic appliance. The 
connections/devices shown along the bottom of the drawing are examples: a "modem" 
618 or other telecommunications link; a CD ROM disk 620 or other storage medium or
device; a printer 622; broadcast reception 624; a document scanner 626; and a 
"cable" 628 connecting the appliance with a "network." 

Detailed Description Text (70) : 

In the example shown, I/O controller 660 is connected to secondary storage device 
652, a keyboard/display 612,614, a communications controller 666, and a backup 
storage device 668. Backup storage device 668 may, for example, store information 
on mass media such as a tape 670, a floppy disk, a removable memory card, etc. 
Communications controller 666 may allow electronic appliance 600 to communicate 
with other electronic appliances via network 672 or other telecommunications links.
Different electronic appliances 600 may interoperate even if they use different 
CPUs and different instances of ROS 602, so long as they typically use compatible 
communication protocols and/or security methods. In this example, I/O controller 
660 permits CPU 654 and SPU 500 to read from and write to secondary storage 662, 
keyboard/display 612, 614, communications controller 666, and backup storage device 
668. 

Detailed Description Text (75) : 

Each VDE node or other electronic appliance 600 in the preferred embodiment may 
include one or more SPUs 500. SPUs 500 may be used to perform all secure processing 
for VDE 100. For example, SPU 500 is used for decrypting (or otherwise unsecuring) 
VDE protected objects 300. It is also used for managing encrypted and/or otherwise 
secured communication (such as by employing authentication and/or error-correction 
validation of information). SPU 500 may also perform secure data management
processes including governing usage of, auditing of, and where appropriate, payment
for VDE objects 300 (through the use of prepayments, credits, real-time electronic
debits from bank accounts and/or VDE node currency token deposit accounts). SPU 500
may perform other transactions related to such VDE objects 300.

Detailed Description Text (111) :

Bus interface unit (BIU) 530 communicates information between SPU 500 and the
outside world across the security barrier 502. BIU 530 shown in FIG. 9 plus
appropriate driver software may comprise the "appliance link" 510 shown in FIG. 6.
Bus interface unit 530 may be modelled after a USART or PCI bus interface in the 
preferred embodiment. In this example, BIU 530 connects SPU 500 to electronic 
appliance system bus 653 shown in FIG. 8. BIU 530 is designed to prevent 
unauthorized access to internal components within SPU 500 and their contents. It 
does this by only allowing signals associated with an SPU 500 to be processed by 
control programs running on microprocessor 520 and not supporting direct access to 
the internal elements of an SPU 500. 

Detailed Description Text (150) : 

ROS 602 supports multiple processors. ROS 602 in the preferred embodiment supports 
any number of local and/or remote processors. Supported processors may include at 
least two types: one or more electronic appliance processors 654, and/or one or 
more SPUs 500. A host processor CPU 654 may provide storage, database, and 
communications services. SPU 500 may provide cryptographic and secured process 
execution services. Diverse control and execution structures supported by ROS 602 
may require that processing of control information occur within a controllable 
execution space — this controllable execution space may be provided by SPU 500. 
Additional host and/or SPU processors may increase efficiencies and/or 
capabilities. ROS 602 may access, coordinate and/or manage further processors 
remote to an electronic appliance 600 (e.g., via network or other communications 
link) to provide additional processor resources and/or capabilities.

Detailed Description Text (199): 

ROS 602 generates component assemblies 690 in a secure manner. As shown graphically 
in FIGS. 11I and 11J, the different elements comprising a component assembly 690
may be "interlocking" in the sense that they can only go together in ways that are 
intended by the VDE participants who created the elements and/or specified the 
component assemblies. ROS 602 includes security protections that can prevent an 
unauthorized person from modifying elements, and also prevent an unauthorized 
person from substituting elements. One can picture an unauthorized person making a 
new element having the same "shape" as one of the elements shown in FIGS.
11D-11H, and then attempting to substitute the new element in place of the original
element. Suppose one of the elements shown in FIG. 11H establishes the price for
using content within a VDE object 300. If an unauthorized person could substitute 
her own "price" element for the price element intended by the VDE content 
distributor, then the person could establish a price of zero instead of the price 
the content distributor intended to charge. Similarly, if the element establishes 
an electronic credit card, then an ability to substitute a different element could 
have disastrous consequences in terms of allowing a person to charge her usage to 
someone else's (or a non-existent) credit card. These are merely a few simple 
examples demonstrating the importance of ROS 602 ensuring that certain component 
assemblies 690 are formed in a secure manner. ROS 602 provides a wide range of 
protections against a wide range of "threats" to the secure handling and execution 
of component assemblies 690. 

Detailed Description Text (360) : 

If External Services Manager 772 is used to access VDE objects, many different 
techniques are possible. For example, the VDE objects may be formatted for use with 
the World Wide Web protocols (HTML, HTTP, and URL) by including relevant headers,
content tags, host ID to URL conversion (e.g., using Name Services Manager 752) and
an HTTP-aware instance of Services Transport Layer 786. 

Detailed Description Text (378): 

Communications subsystem 776, as discussed above, may be a conventional 
communications service that provides a network manager 780 and a mail gateway 
manager 782. Mail filters 784 may be provided to automatically route objects 300
and other VDE information to/from the outside world. Communications subsystem 776
may support a real time content feed 684 from a cable, satellite or other
telecommunications link.

Detailed Description Text (447) : 

The channel services manager 562 may be passed an identification of the event
(e.g., the "event code"). The channel services manager 562 parses one or more
method cores 1000' that are part of the component assembly(ies) 690 the channel
services manager is to assemble. It performs this parsing to determine which
method(s) and data structure(s) are invoked by the type of event. Channel manager 562
then issues calls (e.g., to secure database manager 566) to obtain the methods and
data structure(s) needed to build the component assembly 690. These called-for
method(s) and data structure(s) (e.g., load modules 1100, UDEs 1200 and/or MDEs
1202) are each decrypted using encrypt/decrypt manager 556 (if necessary), and are
then each validated using key and tag manager 558. Channel manager 562 constructs
any necessary "jump table" references to, in effect, "link" or "bind" the elements
into a single cohesive executable so the load module(s) can reference data
structures and any other load module(s) in the component assembly. Channel manager
562 may then issue calls to LMEM 568 to load the executable as an active task.
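
As an added illustration (not code from the patent), the Python sketch below shows one way the validation step described in Detailed Description Text (447) can defeat the element substitution pictured in Detailed Description Text (199): each element carries a MAC that covers its body together with the assembly and slot it belongs to. HMAC-SHA256, the key, the slot names and the record layout are assumptions standing in for the validation performed by key and tag manager 558.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption). In the patent's design the validation
# secret would stay inside the SPU; a constant keeps the example runnable.
NODE_KEY = b"constructed-demo-key-not-a-real-secret"


class AssemblyError(Exception):
    """Raised when an element fails validation or a slot is left unfilled."""


def element_tag(key, assembly_id, slot, body):
    """MAC over the element body AND its context (which assembly, which slot)."""
    msg = json.dumps(
        {"assembly": assembly_id, "slot": slot, "body": body},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def seal(key, assembly_id, slot, body):
    """What an authorized participant does when creating an element."""
    return {"slot": slot, "body": body,
            "tag": element_tag(key, assembly_id, slot, body)}


def assemble(key, assembly_id, required_slots, elements):
    """Validate every element, then bind them into one slot -> body table."""
    table = {}
    for el in elements:
        slot = el["slot"]
        if slot not in required_slots:
            raise AssemblyError(f"unexpected slot {slot!r}")
        if slot in table:
            raise AssemblyError(f"slot {slot!r} supplied twice")
        expected = element_tag(key, assembly_id, slot, el["body"])
        supplied = str(el.get("tag", ""))
        # Constant-time comparison of the recomputed and supplied tags.
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            raise AssemblyError(f"element in slot {slot!r} failed validation")
        table[slot] = el["body"]
    missing = sorted(set(required_slots) - set(table))
    if missing:
        raise AssemblyError(f"missing slots: {missing}")
    return table


def try_assemble(assembly_id, elements):
    """Return the bound table, or the rejection reason as a string."""
    try:
        return assemble(NODE_KEY, assembly_id, {"price", "meter"}, elements)
    except AssemblyError as exc:
        return f"rejected: {exc}"


# Constructed sample elements for two different objects.
NOVEL = "object-300/novel"
FREEBIE = "object-300/free-sample"
novel_price = seal(NODE_KEY, NOVEL, "price", {"cents_per_open": 995})
novel_meter = seal(NODE_KEY, NOVEL, "meter", {"unit": "open"})
free_price = seal(NODE_KEY, FREEBIE, "price", {"cents_per_open": 0})

# 1. Same "shape", new body, old tag copied over: the MAC no longer matches.
forged = dict(novel_price, body={"cents_per_open": 0})
# 2. A genuine zero-price element lifted from another object: its tag is valid
#    for FREEBIE but not for NOVEL, because the assembly id is inside the MAC.
transplanted = free_price

if __name__ == "__main__":
    print(try_assemble(NOVEL, [novel_price, novel_meter]))
    print(try_assemble(NOVEL, [forged, novel_meter]))
    print(try_assemble(NOVEL, [transplanted, novel_meter]))
```

A tag computed over the body alone would accept the transplanted element, which is why the assembly id and slot are part of the authenticated message.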

Detailed Description Text (449): 

"Channel header" 596 in the preferred embodiment is (or references) the data
structure(s) and associated control program(s) that queues events from channel
event sources, processes these events, and releases the appropriate tasks specified 
in the "channel detail record" for processing. A "channel detail record" in the 
preferred embodiment links an event to a "swap block" (i.e., task) associated with 
that event. The "swap block" may reference one or more load modules 1100, UDEs 1200 
and private data areas required to properly process the event. One swap block and a 
corresponding channel detail item is created for each different event the channel 
can respond to. 

Detailed Description Text (535) : 

The "out of channel" distribution may also allow the provider to receive payment 
for usage and/or elsewise maintain at least a degree of control over the 
redistributed object. Such certain criteria might involve, for example, the 
registered presence at a user's VDE node of an authorized third party financial 
relationship, such as a credit card, along with sufficient available credit for 
said usage. 

Detailed Description Text (540) : 

The methods 1000 contained by a traveling object will typically include an 
installation procedure for "self registering" the object using the permission 
records 808 in the object (e.g., a REGISTER method). This may be especially useful 
for objects that have time limited value, objects (or properties) for which the end 
user is either not charged or is charged only a nominal fee (e.g., objects for 
which advertisers and/or information publishers are charged based on the number of 
end users who actually access published information), and objects that require
widely available budget and may particularly benefit from out-of-channel
distribution (e.g., credit card derived budgets for objects containing properties 
such as movies, software programs, games, etc.). Such traveling objects may be 
supplied with or without contained budget UDEs. 

Detailed Description Text (608): 

A further example of a map meter includes storing a record of all applicable atomic
elements that the user has paid to use (or alternatively, has been metered as
having used, though payment may not yet have been required or made). Such a usage
map would support a very efficient and flexible way to allow subsequent user usage
of the same atomic elements.

Detailed Description Text (741) :

Control of event processing, reciprocal events, and their associated methods and 
method components is provided by PERCs 808 in the preferred embodiment. These PERCs 
(808) might reference administrative methods that govern the creation, 
modification, and distribution of the data structures and administrative methods 
that permit access, modification, and further distribution of these items. In this 
way, each link in the chain of handling and control might, for example, be able to 
customize audit information, alter the budget requirements for using the content, 
and/or control further distribution of these rights in a manner specified by prior 
members along the distribution chain. 

Detailed Description Text (761) : 

The steps shown in FIG. 43a may be, for example, performed at a user VDE node in
response to some action by or on behalf of the user. For example the user may ask
to access an object that has not yet been (or is not now) properly registered to
her. In response to such a user request, the REGISTER method 2400 may prime a
Register Audit Trail UDE (blocks 2402, 2404) before determining whether the object
being requested has already been registered (decision block 2406). If the object
has already been registered ("yes" exit to decision block 2406), the REGISTER
method may terminate (at termination point 2408). If the object is not already
registered ("no" exit to decision block 2406), then REGISTER method 2400 may access
the VDE node secure database PERC 808 and/or Register MDE (block 2410). REGISTER
method 2400 may extract an appropriate Register Record Set from this PERC 808
and/or Register MDE (block 2412), and determine whether all of the required
elements are present that are needed to register the object (decision block 2414).
If some piece(s) is missing ("no" exit to decision block 2414), REGISTER method
2400 may queue a Register request record to a communication manager and then
suspend the REGISTER method until the queued request is satisfied (blocks 2416,
2418). Block 2416 may have the effect of communicating a register request to a VDE
distributor, for example. When the request is satisfied and the register request
record has been received (block 2420), then the test of decision block 2414 is
satisfied ("yes" exit to decision block 2414), and REGISTER method 2400 may
proceed. At this stage, the REGISTER method 2400 may allow the user to select
Register options from the set of method options allowed by PERC 808 accessed at
block 2410 (block 2422). As one simple example, the PERC 808 may permit the user to
pay by VISA or MasterCard but not by American Express; block 2422 may display a
prompt asking the user to select between paying using her VISA card and paying
using her MasterCard (block 2424). The REGISTER method 2400 preferably validates
the user selected registration options and requires the user to select different
options if the initial user options were invalid (block 2426, "no" exit to decision
block 2428). Once the user has made all required registration option selections and
those selections have been validated ("yes" exit to decision block 2428), the
REGISTER method 2400 may write a User Registration Table (URT) corresponding to
this object and this user which embodies the user registration selections made by
the user along with other registration information required by PERC 808 and/or the
Register MDE (blocks 2430, 2432). REGISTER method 2400 may then write a Register
audit record into the secure database (blocks 2432, 2434) before terminating (at
terminate point 2436).

Detailed Description Text (776) : 

In addition, the preferred embodiment provides an optimization called "precheck." 
EVENT method/process 402 may perform this "precheck" based on metering, billing and 
budget information to determine whether processing based on an event will be 
allowed. Suppose, for example, that the user has already exceeded her budget with 
respect to accessing certain information content so that no further access is 
permitted. Although BUDGET method 408 could make this determination, records and 
processes performed by BUDGET method 404 and/or BILLING method 406 might have to be 
"undone" to, for example, prevent the user from being charged for an access that 
was actually denied. It may be more efficient to perform a "precheck" within EVENT 
method 402 so that fewer transactions have to be "undone."
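
The effect of the "precheck" can be seen by replaying one request stream with and without it. The Python sketch below is an added example, not code from the patent; the Node class, its record stores and the request amounts are constructed for illustration.

```python
class Node:
    """Toy VDE node: one budget plus METER and BILLING record stores."""

    def __init__(self, budget_cents, precheck):
        self.budget_left = budget_cents
        self.precheck = precheck
        self.meter_records = []
        self.billing_records = []
        self.undone = 0  # records that were written and then rolled back

    def event(self, name, cents):
        """EVENT: optionally precheck, then run the governed transaction."""
        if self.precheck and cents > self.budget_left:
            return False  # "No Go" before anything has been written
        return self._transaction(name, cents)

    def _transaction(self, name, cents):
        """METER, then BILLING, then BUDGET; roll back if BUDGET refuses."""
        self.meter_records.append(name)
        self.billing_records.append((name, cents))
        # BUDGET stays the authoritative check even when precheck is enabled:
        # the precheck is an optimization, not a replacement.
        if cents > self.budget_left:
            self.billing_records.pop()  # undo so a denied access is not charged
            self.meter_records.pop()
            self.undone += 2
            return False
        self.budget_left -= cents
        return True


def run(precheck):
    """Replay the same constructed request stream against a fresh node."""
    node = Node(budget_cents=1000, precheck=precheck)
    requests = [("open-1", 600), ("open-2", 600),
                ("open-3", 300), ("open-4", 300)]
    decisions = [node.event(name, cents) for name, cents in requests]
    return {
        "decisions": decisions,
        "budget_left": node.budget_left,
        "billed": list(node.billing_records),
        "undone": node.undone,
    }


if __name__ == "__main__":
    print("without precheck:", run(precheck=False))
    print("with precheck:   ", run(precheck=True))
```

Both runs reach the same decisions and the same final records; only the number of records that had to be "undone" differs.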






Detailed Description Text (800) : 

Assuming the proper URT for this user and object is present such that the object is
registered for this user ("yes" exit to decision block 1522), control method 1502
may determine whether the object is already open for this user (decision block
1528). This test may avoid creating a redundant channel for opening an object that
is already open. Assuming the object is not already open ("no" exit to decision
block 1528), control method 1502 creates a channel and binds appropriate open
control elements to it (block 1530). It reads the appropriate open control elements
from the secure database (or the container, such as, for example, in the case of a
travelling object), and "binds" or "links" these particular appropriate control
elements together in order to control opening of the object for this user. Thus,
block 1530 associates an event with one or more appropriate method core(s),
appropriate load modules, appropriate User Data Elements, and appropriate Method
Data Elements read from the secure database (or the container) (block 1532). At
this point, control method 1502 specifies the open event (which started the OPEN
method to begin with), the object ID and user ID (determined by block 1520), and
the channel ID of the channel created by block 1530 to subsequent EVENT method
1504, METER method 1506, BILLING method 1508 and BUDGET method 1510 to provide a
secure database "transaction" (block 1536). Before doing so, control method 1502
may prime an audit process (block 1533) and write audit information into an audit
UDE (block 1534) so a record of the transaction exists even if the transaction
fails or is interfered with.

Detailed Description Text (1048) : 

Finally, the end-to-end nature of VDE applications, in which content 108 flows in 
one direction, generating reports and bills 118 in the other, makes it possible to 
perform "back-end" consistency checks. Such checks, performed in clearinghouses 
116, can detect patterns of use that may or do indicate fraud (e.g., excessive 
acquisition of protected content without any corresponding payment, usage records 
without corresponding billing records). The fine grain of usage reporting and the
ready availability of usage records and reports in electronic form enables 
sophisticated fraud detection mechanisms to be built so that fraud-related costs 
can be kept to an acceptable level. 
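
The two "back-end" checks named above can be written as a reconciliation over the records a clearinghouse holds. The Python sketch below is an added example, not code from the patent; the record fields, sample records and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records as a clearinghouse might hold them after audit
# reduction. Field names are assumptions made for this example.
USAGE = [
    {"node": "node-A", "event": "e1", "object": "movie-7", "cents": 300},
    {"node": "node-A", "event": "e2", "object": "movie-9", "cents": 300},
    {"node": "node-B", "event": "e3", "object": "game-2", "cents": 500},
    {"node": "node-B", "event": "e4", "object": "game-2", "cents": 500},
    {"node": "node-B", "event": "e5", "object": "movie-7", "cents": 300},
    {"node": "node-C", "event": "e6", "object": "db-1", "cents": 50},
]
BILLING = [
    {"node": "node-A", "event": "e1", "cents": 300},
    {"node": "node-A", "event": "e2", "cents": 300},
    {"node": "node-B", "event": "e3", "cents": 500},
    {"node": "node-B", "event": "e4", "cents": 500},
    {"node": "node-B", "event": "e5", "cents": 300},
    # node-C's event e6 has a usage record but no billing record.
]
PAYMENTS = [
    {"node": "node-A", "cents": 600},
    {"node": "node-B", "cents": 100},
]


def unbilled_usage(usage, billing):
    """Usage records with no billing record for the same node and event."""
    billed = {(b["node"], b["event"]) for b in billing}
    return [u for u in usage if (u["node"], u["event"]) not in billed]


def unpaid_acquisition(usage, payments, min_owed_cents=500, max_unpaid_ratio=0.5):
    """Nodes whose metered acquisition far exceeds what they have paid.

    Both an absolute floor and a ratio are required so that small open
    balances do not drown the report in false positives.
    """
    metered = defaultdict(int)
    paid = defaultdict(int)
    for u in usage:
        metered[u["node"]] += u["cents"]
    for p in payments:
        paid[p["node"]] += p["cents"]
    findings = []
    for node in sorted(metered):
        owed = metered[node] - paid[node]
        ratio = owed / metered[node] if metered[node] else 0.0
        if owed >= min_owed_cents and ratio > max_unpaid_ratio:
            findings.append({
                "node": node,
                "metered_cents": metered[node],
                "paid_cents": paid[node],
                "unpaid_ratio": round(ratio, 2),
            })
    return findings


def consistency_report(usage, billing, payments):
    """Run both checks and return the findings for review."""
    return {
        "unbilled_usage": [(u["node"], u["event"])
                           for u in unbilled_usage(usage, billing)],
        "unpaid_acquisition": unpaid_acquisition(usage, payments),
    }


if __name__ == "__main__":
    print(consistency_report(USAGE, BILLING, PAYMENTS))
```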

Detailed Description Text (1111) : 

The portable appliance 2600 or other VDE electronic appliance 600, can, in one 
embodiment, also automate many tax collection functions. A VDE electronic appliance 
600 may, with great security, record financial transactions, identify the nature of 
the transaction, and identify the required sales or related government transaction 
taxes, debit the taxes from the user's available credit, and securely communicate
this information to one or more government agencies directly at some interval (for
example monthly), and/or securely transfer this information to, for example, a
financial clearinghouse, which would then transfer one or more secure, encrypted 
(or unsecure, calculated by clearinghouse, or otherwise computed) information audit 
packets (e.g., VDE content containers and employing secure VDE communication 
techniques) to the one or more appropriate, participating government agencies. The 
overall integrity and security of VDE 100 could ensure, in a coherent and 
centralized manner, that electronic reporting of tax related information (derived 
from one or more electronic commerce activities) would be valid and comprehensive. 
It could also act as a validating source of information on the transfer of sales 
tax collection (e.g., if, for example, said funds are transferred directly to the 
government by a commercial operation and/or transferred in a manner such that 
reported tax related information cannot be tampered with by other parties in a VDE 
pathway of tax information handling). A government agency could select transactions
randomly, or some subset or all of the reported transactions for a given commercial 
operation can be selected. This could be used to ensure that the commercial 
operation is actually paying to the government all appropriate collected funds
required for taxes, and can also ensure that end-users are charged appropriate
taxes for their transactions (including receipt of interest from bank accounts,
investments, gifts, etc.

Detailed Description Text (1128) :

These significant problems in using software agents have not been adequately
addressed in the past. The open, flexible control structures provided by VDE 100
address these problems by providing the desired control and accountability for
software agents (e.g., agent objects). For example, VDE 100 positively controls 
content access and usage, provides guarantee of payment for content used, and 
enforces budget limits for accessed content. These control capabilities are well 
suited to controlling the activities of a dispatched agent by both the process that 
dispatches the agent and the resource accessed by the dispatched agent. 

Detailed Description Text (1141): 

4. A right to have information returned to the user without charge (charges to be 
incurred on release of information and payment will be by a VISA budget) 

Detailed Description Text (1180) : 

FIG. 75E shows a more high-level view of an electronic contract 3200 formed as a 
"result" of a negotiation process as described above. Electronic contract 3200 may 
include multiple clauses 3202 and multiple digital signatures 3204. Each clause 
3202 may comprise a PERC/URT such as item 3160 described above and shown in FIG. 
75D. Each "clause" 3202 of electronic contract 3200 thus corresponds to a component 
assembly 690 that may be assembled and executed by a VDE electronic appliance 600. 
Just as in normal contracts, there may be as many contract clauses 3202 within 
electronic contract 3200 as is necessary to embody the "agreement" between the 
"parties." Each of clauses 3202 may have been electronically negotiated and may 
thus embody a part of the "agreement" (e.g., a "compromise") between the parties. 
Electronic contract 3200 is "self-executing" in the sense that it may be literally
executed by a machine, i.e., a VDE electronic appliance 600 that assembles 
component assemblies 690 as specified by various electronic clauses 3202. 
Electronic contract 3200 may be automatically "enforced" using the same VDE 
mechanisms discussed above that are used in conjunction with any component assembly 
690. For example, assuming that a clause 3202(2) corresponds to a payment or 
BILLING condition or term, its corresponding component assembly 690 when assembled 
by a user's VDE electronic appliance 600 may automatically determine whether 
conditions are right for payment and, when they are, automatically access an 
appropriate payment mechanism (e.g., a virtual "credit card" object for the user) 
to arrange that payment to be made. As another example, assuming that electronic 
contract clause N 3202(N) corresponds to a user's obligation to provide auditing
information to a particular VDE participant, electronic contract 3200 will cause 
VDE electronic appliance 600 to assemble a corresponding component assembly 690 
that may, for example, access the appropriate audit trails within secure database 
610 and provide them in an administrative object to the correct participant. FIG. 
75F shows that clause 3202(N) may, for example, specify a component assembly 690
that arranges for multiple steps in a transaction 3206 to occur. Some of these 
steps (e.g., step 3208(4), 3208(5)) may be conditional on a test (e.g., 3208(3)) 
such as, for example, whether content usage has exceeded a certain amount, whether 
a certain time period has expired, whether a certain calendar date has been 
reached, etc. 

Detailed Description Text (1199) : 

In "trusted negotiator" negotiations, all parties provide their demands and 
preferences to a "trusted" negotiator and agree to be bound by her decision. This 
is similar to binding arbitration in today's society. VDE enables this mode of 
negotiation by providing an environment in which a "trusted" negotiation service 
may be created. VDE provides not only the mechanism by which demands, desires, and 
limits may be concisely specified (e.g., in PERCs), but in which the PERCs may be
securely transferred to a "trusted" negotiation service along with a rule set that 
specifies how the negotiation will be conducted, and by providing a secure 
execution environment so that the negotiation process may not be tampered with. 
Trusted negotiator services can be used at VDE sites where the integrity of the
site is well known. Remote trusted negotiation services can be used by VDE sites
that do not possess sufficient computing resources to execute one or more
negotiation process(es); they can establish a communication link to a VDE site that
provides this service and permits the service to handle the negotiation on their
behalf. "Zero-based" knowledge negotiations share some characteristics of the
zero-based knowledge protocols used for authentication. It is well understood in the art
how to construct a protocol that can determine if a remote site is the holder of a 
specific item without exchanging or exposing the item. This type of protocol can be 
constructed between two negotiation processes operating on at least one VDE site 
using a control set as their knowledge base. The negotiation processes may exchange 
information about their control sets, and may make demands and counter proposals 
regarding using their individual rule sets. For example, negotiation process A may 
communicate with negotiation process B to negotiate rights to read a book. 
Negotiation process A specifies that it will pay not more than $10.00 for rights to 
read the book, and prefers to pay between $5.00 and $6.00 for this right. Process 
A's rule set also specifies that for the $5.00 option, it will permit the release 
of the reader's name and address. Process B's rule set specifies that it wants 
$50.00 for rights to read the book, and will provide the book for $5.50 if the user 
agrees to release information about himself. The negotiation might go something 
like this: 

Detailed Description Text (1205): 

To open a VDE package and make use of its content, an end-user must have permission.
Distributors 106 can grant these permissions, and can very flexibly (if permitted
by senior control information) limit or otherwise specify the ways in which package
contents may be used. Distributors 106 and financial clearinghouses 116 also
typically have financial responsibilities (they may be the same organization in
some circumstances if desired). They ensure that any payments required from
end-users fulfill their own and any other participant's requirements. This is achieved
by auditing usage.

Detailed Description Text (1215) : 

Independent financial providers can play an important role in VDE 100. The VDE 
financial provider role is similar to the role played by organizations such as VISA 
in traditional distribution scenarios. In any distribution model, authorizing 
payments for use of products or services and auditing usage for consistency and 
irregularities, is critical. In VDE 100, these are the roles filled by independent 
financial providers. The independent financial providers may also provide audit 
services to content providers. Thus, budgets or limits on use, and audits, or 
records of use, may be processed by (and may also be put in place by) 
clearinghouses 116, and the clearinghouses may then collect usage payments from 
users 112. Any VDE user 112 may assign the right to process information or perform 
services on their behalf to the extent allowed by senior control information. The
arrangement by which one VDE participant acts on behalf of another is called a 
"proxy." Audit, distribution, and other important rights may be "proxied" if 
permitted by the content provider. One special type of "proxy" is the VDE 
administrator 116b. A VDE administrator is an organization (which may be acting 
also as a financial clearinghouse 116) that has permission to manage (for example, 
"intervene" to reset) some portion or all of VDE secure subsystem control 
information for VDE electronic appliances. This administration right may extend 
only to admitting new appliances to a VDE infrastructure and to recovering 
"crashed" or otherwise inoperable appliances, and providing periodic VDE updates. 

Detailed Description Text (1220) : 

The content of an object 300 created by an author may be generated with the 
assistance of a VDE aware application program or a non-VDE aware application 
program. The content of the object created by an author in conjunction with such 
programs may include text, formatted text, pictures, moving pictures, sounds, 
computer software, multimedia, electronic games, electronic training materials,
various types of files, and so on, without limitation. The authoring process may
encapsulate content generated by the author in an object, encrypt the content with
one or more keys, and append one or more methods to define parameters of allowed
use and/or required auditing of use and/or payment for use of the object by users
(and/or by authorized users only). The authoring process may also include some or
all aspects of distributing the object. 

Detailed Description Text (1223): 

A VDE node electronic appliance 600 may receive and process audit records on behalf 
of an object provider if that VDE node receives any necessary administrative 
budget, audit method, and audit key information (used, for example, to decrypt 
audit trails), from the object provider. An auditing-capable VDE electronic 
appliance 600 may control execution of audit reduction methods. "Audit reduction" 
in the preferred embodiment is the process of extracting information from audit 
records and/or processes that an object provider (e.g., any object provider along
a chain of handling of the object) has specified to be reported to an object's 
distributors, object creators, client administrators, and/or any other user of 
audit information. This may include, for example, advertisers who may be required 
to pay for a user's usage of object content. In one embodiment, for example, a 
clearinghouse can have the ability to "append" budget, audit method, and/or audit 
key information to an object or class or other grouping of objects located at a 
user site or located at an object provider site to ensure that desired audit 
processes will take place in a "trusted" fashion. A participant in a chain of 
handling of a VDE content container and/or content container control information 
object may act as a "proxy" for another party in a chain of handling of usage 
auditing information related to usage of object content (for example a 
clearinghouse, an advertiser, or a party interested in market survey and/or 
specific customer usage information). This may be done by specifying, for that
other party, budget, audit method, and/or key information that may be necessary to 
ensure audit information is gathered and/or provided to, in a proper manner, said 
additional party. For example, employing specification information provided by said 
other party. 

Detailed Description Text (1271): 

Distribution involves three types of entity. Creators usually are the source of 
distribution. They typically set the control structure "context" and can control 
the rights which are passed into a distribution network. Distributors are users who 
form a link between object (content) end users and object (content) creators. They 
can provide a two-way conduit for rights and audit data. Clearinghouses may provide 
independent financial services, such as credit and/or billing services, and can 
serve as distributors and/or creators. Through a permissions and budgeting process, 
these parties collectively can establish fine control over the type and extent of 
rights usage and/or auditing activities. 

Detailed Description Text (1273): 

An "encumbrance" is a special type of VDE budget. When a budget distribution
of any type occurs, an "encumbrance" may be generated. An encumbrance is
indistinguishable from an original budget for right exercise (e.g., content usage
payment) purposes, but is uniquely identified within distribution records as to the
amount of the encumbrance, and all necessary information to complete a shipping 
record to track the whereabouts of an encumbrance. For right exercise purposes, an 
encumbrance is identical to an original budget; but for tracking purposes, it is 
uniquely identifiable. 

Detailed Description Text (1288): 

A content creator or other content control information provider may budget a user 
(such as a distributor) to create an unlimited number of permissions records for a 
content object, but revoke this right and/or other important usage rights through 
an expiration/termination process if the user does not report his usage (provide an 
audit report) at some expected one or more points in time and/or after a certain 
interval of time (and/or if the user fails to pay for his usage or violates other
aspects of the agreement between the user and the content provider). This
termination (or suspension or other specified consequence) can be enforced, for
example, by the expiration of time-aged encryption keys which were employed to
encrypt one or more aspects of control information. This same termination (or other
specified consequence such as budget reduction, price increase, message displays on
screen to users, messages to administrators, etc.) can also be the consequence of
the failure by a user or the user's VDE installation to complete a monitored
process, such as paying for usage in electronic currency, failure to perform
backups of important stored information (e.g., content and/or appliance usage
information, control information, etc.), a repeated failure to use
the proper passwords or other identifiers, etc.

Detailed Description Text (1294): 

An important function of an auditor (receiver of audit information) is to pass 
administrative events back to a user VDE node in acknowledgement that audit 
information has been received and/or "recognized." In the preferred embodiment, the 
receipt and/or acceptance of audit information may be followed by two processes. 
The first event will cause the audit data at a VDE node which prepared an audit 
report to be deleted, or compressed into, or added to, one or more summary values. 
The second event, or set of events, will "inform" the relevant security (for 
example, termination and/or other consequence) control information (for example, 
budgets) at said VDE node of the audit receipt, modify expiration dates, provide 
key updates, and/or etc. In most cases, these events will be sent immediately to a 
site after an audit trail is received. In some cases, this transmission may be 
delayed to, for example, first allow processing of the audit trail and/or payment 
by a user to an auditor or other party. 
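The report/acknowledgement cycle of paragraphs 1288 and 1294, as an added example that is not code from the patent: usage is blocked once the expiration date passes, and only an authenticated acknowledgement from the auditor folds the audit trail into a summary value and moves the expiration forward. The HMAC-based authentication, the shared key, the 30-day interval and all names are assumptions of this sketch.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed values. In the patent's model this key would live only inside the
# secure subsystems of the two nodes; a shared HMAC key is this example's assumption.
AUDIT_KEY = b"constructed-audit-key"
REPORT_INTERVAL = timedelta(days=30)


def _mac(payload: dict) -> str:
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(AUDIT_KEY, body, hashlib.sha256).hexdigest()


def _sealed(payload: dict) -> dict:
    return {"payload": payload, "mac": _mac(payload)}


def _verified(msg: dict, expected_type: str):
    """Return the payload if the MAC and message type check out, else None."""
    if not hmac.compare_digest(msg["mac"], _mac(msg["payload"])):
        return None
    return msg["payload"] if msg["payload"].get("type") == expected_type else None


@dataclass
class UserNode:
    node_id: str
    expires: datetime                      # termination control information
    audit_trail: list = field(default_factory=list)
    summary_units: int = 0                 # summary value kept after acknowledgement
    next_seq: int = 1

    def use_content(self, now: datetime, units: int) -> bool:
        if now >= self.expires:            # unreported usage eventually blocks use
            return False
        self.audit_trail.append({"seq": self.next_seq, "units": units})
        self.next_seq += 1
        return True

    def build_report(self) -> dict:
        return _sealed({"type": "report", "node": self.node_id,
                        "records": list(self.audit_trail)})

    def apply_ack(self, ack: dict) -> bool:
        p = _verified(ack, "ack")
        if p is None or p["node"] != self.node_id:
            return False
        # First event: fold acknowledged records into the summary value, then delete them.
        done = [r for r in self.audit_trail if r["seq"] <= p["through_seq"]]
        self.summary_units += sum(r["units"] for r in done)
        self.audit_trail = [r for r in self.audit_trail if r["seq"] > p["through_seq"]]
        # Second event: update the expiration date; never move it backwards on replay.
        self.expires = max(self.expires, datetime.fromisoformat(p["new_expiry"]))
        return True


def auditor_receive(report: dict, now: datetime):
    """Auditor side: verify the report and answer with an acknowledgement event."""
    p = _verified(report, "report")
    if p is None:
        return None
    through = max((r["seq"] for r in p["records"]), default=0)
    return _sealed({"type": "ack", "node": p["node"], "through_seq": through,
                    "new_expiry": (now + REPORT_INTERVAL).isoformat()})
```

The message type inside the authenticated payload keeps a node's own report from being accepted as an acknowledgement, since both are sealed with the same key.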

Detailed Description Text (1312): 

Research can be automatically managed using VDE. Smart objects can be used to
securely search out, pay for if necessary, and retrieve information from VDE 
enabled information resources on the information highway. 

Detailed Description Text (1313) : 

Examples of such resources might include LEXIS, Westlaw, and other related legal 
databases. Once the information is retrieved, it may be securely embedded in the 
VDE content client container. If the smart object still contains unreleased 
information, the entire smart object may be embedded in the client's VDE container. 
This places the unreleased information under double VDE control requirements: those 
associated with releasing the information from smart object (such as payment and/or 
auditing requirements) and those associated with access to, or other usage of, 
client information of the specified type. 

Detailed Description Text (1345) : 

As the "Digital Highway" emerges, there is increased discussion concerning the 
distribution of content across networks and, in particular, public networks such as 
the Internet. Content may be made available across public networks in several ways 
including: "mailing" content to a user in response to a request or advance purchase 
(sending a token representing the commitment of electronic funds or credit to 
purchase an item); supporting content downloadable from an organization's own 
content repository, such a repository comprising, for example, a store of products 
(such as software programs) and/or a store of information resources, normally 
organized into one or more databases; and supporting a public repository into which 
other parties can deposit their products for redistribution to customers (normally 
by making electronic copies for distribution to a customer in response to a 
request).

Detailed Description Text (1348): 

VDE repositories may also offer other VDE services. For example, a repository may 
choose to offer financial services in the form of credit from the repository that 
may be used to pay fees associated with use of VDE objects obtained from the
repository. Alternatively or in addition, a VDE repository may perform audit 
information clearinghouse services on behalf of VDE creators or other participants 
(e.g. distributors, redistributors, client administrators, etc.) for usage 
information reported by VDE users. Such services may include analyzing such usage 
information, creating reports, collecting payments, etc. 

Detailed Description Text (1349) : 

A "full service" VDE repository may be very attractive to both providers and users 
of VDE managed content. Providers of VDE managed content may desire to place their 
content in a location that is well known to users, offers credit, and/or performs 
audit services for them. In this case, providers may be able to focus on creating 
content, rather than managing the administrative processes associated with making 
content available in a "retail" fashion, collecting audit information from many VDE 
users, sending and receiving bills and payments, etc. VDE users may find the 
convenience of a single location (or an integrated arrangement of repositories) 
appealing as they are attempting to locate content of interest. In addition, a full 
service VDE repository may serve as a single location for the reporting of usage 
information generated as a consequence of their use of VDE managed content received 
from a VDE repository and/or, for example, receiving updated software (e.g. VDE-aware
applications, load modules, component assemblies, non VDE-aware applications,
etc.). VDE repository services may be employed in conjunction with VDE content
delivery by broadcast and/or on physical media, such as CD-ROM, to constitute an 
integrated array of content resources that may be browsed, searched, and/or 
filtered, as appropriate, to fulfill the content needs of VDE users. 

Detailed Description Text (1358): 

The repository 3302 receives the completed registration information from author 
3306A and uses this information to build an account profile for author 3306A. In 
addition, software associated with the authoring process may be transmitted to 
author 3306A. This software may, for example, allow author 3306A to place content 
into a VDE content container with appropriate controls in such a way that many of 
the decisions associated with creating such containers are made automatically to 
reflect the use of the repository 3302 as a content system and/or a clearinghouse 
system (for example, the location of content, the party to contact for updates to 
content and/or controls associated with content, the party or parties to whom audit 
information may and/or must be transmitted and the pathways for such communication, 
the character of audit information that is collected during usage, the forms of 
payment that are acceptable for use of content, the frequency of audit 
transmissions required, the frequency of billing, the form of abstract and/or other 
identifying information associated with content, the nature of at least a portion 
of content usage control information, etc.).

Detailed Description Text (1363) : 

One factor in a potentially ongoing financial relationship between the repository 
and author 3306A may relate to usage of submitted content by end users 3310. For 
example, author 3306A may negotiate an arrangement with the repository wherein the 
repository is authorized to keep 20% of the total revenues generated from end users 
3310 in exchange for maintaining the repository services (e.g. making content 
available to end users 3310, providing electronic credit, performing billing 
activities, collecting fees, etc.). A financial relationship may be recorded in
control structures in flexible and configurable ways. For example, the financial 
relationship described above could be created in a VDE container and/or 
installation control structure devised by author 3306A to reflect author 3306A's 
financial requirements and the need for a 20% split in revenue with the repository 
wherein all billing activities related to usage of submitted content could be 
processed by the repository, and control structures representing reciprocal methods 
associated with various component assemblies required for use of author 3306A's 
submitted content could be used to calculate the 20% of revenues. Alternatively, 
the repository may independently and securely add and/or modify control structures 
originating from author 3306A in order to reflect an increase in price. Under some
circumstances, author 3306A may not be directly involved (or have any knowledge of) 
the actual price that the repository charges for usage activities, and may concern 
herself only with the amount of revenue and character of usage analysis information 
that she requires for her own purposes, which she specifies in VDE control 
information which governs the use, and consequences of use, of VDE controlled 
content.

Detailed Description Text (1369) : 

In order to provide a manageable user interface to the content available to VDE 
repository end users 3310 and to provide administrative information used in the 
determination of control information packaged in VDE content containers shipped to 
end users 3310, the repository in this example includes a content catalog 3322. 
This catalog is used to record information related to the VDE content in content 
storage, and/or content available through the repository reflected in content 
references. The content catalog 3322 may consist of titles of content, abstracts, 
and other identifying information. In addition, the catalog may also indicate the 
forms of electronic agreement and/or agreement VDE template applications (offering 
optional, selectable control structures and/or one or more opportunities to provide 
related parameter data) that are available to end users 3310 through the repository 
for given pieces of content in deciding, for example, options and/or requirements 
for: what type(s) of information is recorded during such content's use, the charge 
for certain content usage activities, differences in charges based on whether or 
not certain usage information is recorded and/or made available to the repository 
and/or content provider, the redistribution rights associated with such content, 
the reporting frequency for audit transmissions, the forms of credit and/or 
currency that may be used to pay certain fees associated with use of such content, 
discounts related to certain volumes of usage, discounts available due to the 
presence of rights associated with other content from the same and/or different 
content providers, sales, etc. Furthermore, a VDE repository content catalog 3322 
may indicate some or all of the component assemblies that are required in order to 
make use of content such that the end user's system and the repository can exchange 
messages to help ensure that any necessary VDE component assemblies or other VDE 
control information is identified, and if necessary and authorized, are delivered 
along with such content to the end user (rather than, for example, being requested 
later after their absence has been detected during a registration and/or use 
attempt).

Detailed Description Text (1375): 

An end user may make use of credit and/or currency securely stored within the end 
user's VDE installation secure subsystem to pay for charges related to use of VDE 
content received from the repository, and/or the user may maintain a secure credit 
and/or currency account remotely at the repository including a "virtual" repository 
where payment is made for the receipt of such content by an end user. This latter
approach may provide greater assurance for payment to the repository and/or content 
providers particularly if the end user has only an HPE based secure subsystem. If 
an end user electronic credit and/or currency account is maintained at the 
repository in this example, charges are made to said account based on end user 
receipt of content from the repository. Further charges to such a remote end user 
account may be made based on end user usage of such received content and based upon 
content usage information communicated to the repository clearinghouse system 
3302B. 

Detailed Description Text (1376) : 

In this example, if an end user does not have a relationship established with a 
financial provider (who has authorized the content providers whose content may be 
obtained through use of the repository to make use of their currency and/or credit
to pay for any usage fees associated with such provider's content) and/or if an end 
user desires a new source of such credit, the end user may request credit from the 
repository clearinghouse system 3302B. If an end user is approved for credit, the 
repository may extend credit in the form of credit amounts (e.g. recorded in one or
more UDEs) associated with a budget method managed by the repository. Periodically,
usage information associated with such a budget method is transmitted by the end
user to the audit system of the repository. After such a transmission (but
potentially before the connection is terminated), an amount owing is recorded for
processing by the billing system, and in accordance with the repository's business 
practices, the amount of credit available for use by the end user may be 
replenished in the same or subsequent transmission. In this example, the 
clearinghouse of the repository supports a billing system with a paper system for 
resolving amounts owed through the mail, a credit card system for resolving amounts 
owed through charges to one or more credit cards, and an electronic funds transfer
system for resolving such amounts through direct debits to a bank account. The 
repository may automatically make payments determined by the disbursement system 
for monies owed to authors through use of similar means. Additional detail 
regarding the audit process is provided below. 

Detailed Description Text (1379) : 

Audit information (related to usage of content received from the repository) in 
this example is securely received from end users 3310 by the receipt system 3362 of 
the clearinghouse. As indicated above, this system may process the audit 
information and pass some or all of the output of such a process to the billing 
system and/or transmit such output to appropriate content authors. Such passing of 
audit information employs secure VDE pathway of reporting information handling 
techniques. Audit information may also be passed to the analysis system in order to 
produce analysis results related to end user content usage for use by the end user, 
the repository, third party market researchers, and/or one or more authors. 
Analysis results may be based on a single audit transmission, a portion of an audit 
transmission, a collection of audit transmissions from a single end user and/or 
multiple end users 3310, or some combination of audit transmissions based on the 
subject of analysis (e.g. usage patterns for a given content element or collection 
of elements, usage of certain categories of content, payment histories, demographic 
usage patterns, etc.). The response system 3364 is used to send information to the
end user to, for example, replenish a budget, deliver usage controls, update 
permissions information, and to transmit certain other information and/or messages 
requested and/or required by an end user in the course of their interaction with 
the clearinghouse. During the course of an end user's connections and transmissions 
to and from the clearinghouse, certain transactions (e.g. time, date, and/or 
purpose of a connection and/or transmission) may be recorded by the transaction 
system of the audit system to reflect requirements of the repository and/or 
authors.

Detailed Description Text (1380) : 

Certain audit information may be transmitted to authors. For example, author 3306A 
may require that certain information gathered from an end user be transmitted to 
author 3306A with no processing by the audit system. In this case, the fact of the 
transmission may be recorded by the audit system, but author 3306A may have elected 
to perform their own usage analysis rather than (or in addition to) permitting the 
repository to access, otherwise process and/or otherwise use this information. The 
repository in this example may provide author 3306A with some of the usage 
information related to the repository's budget method received from one or more end 
users 3310 and generated by the payment of fees associated with such users' usage 
of content provided by author 3306A. In this case, author 3306A may be able to
compare certain usage information related to content with the usage information 
related to the repository's budget method for the content to analyze patterns of 
usage (e.g. to analyze usage in light of fees, detect possible fraud, generate user 
profile information, etc.). Any usage fees collected by the clearinghouse associated
with author 3306A's content that are due to author 3306A will be determined by the 
disbursement system of the clearinghouse. The disbursement system may include usage 
information (in complete or summary form) with any payments to author 3306A 
resulting from such a determination. Such payments and information reporting may be 
an entirely automated sequence of processes occurring within the VDE pathway from
end user VDE secure subsystems, to the clearinghouse secure subsystem, to the 
author's secure subsystem. 

Detailed Description Text (1381): 

In this example, end users 3310 may transmit VDE permissions and/or other control 
information to the repository 3302 permitting and/or denying access to usage 
information collected by the audit system for use by the analysis system. This, in 
part, may help ensure end user's privacy rights as it relates to the usage of such 
information. Some containers may require, as an aspect of their control structures, 
that an end user make usage information available for analysis purposes. Other 
containers may give an end user the option of either allowing the usage information 
to be used for analysis, or denying some or all such uses of such information. Some 
users may elect to allow analysis of certain information, and deny this permission 
for other information. End users 3310 in this example may, for example, elect to 
limit the granularity of information that may be used for analysis purposes (e.g. 
an end user may allow analysis of the number of movies viewed in a time period but 
disallow use of specific titles, an end user may allow release of their ZIP code 
for demographic analysis, but disallow use of their name and address, etc.). Authors
and/or the repository 3302 may, for example, choose to charge end users 3310 
smaller fees if they agree to release certain usage information for analysis 
purposes.
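The granularity limits described above, as an added example that is not code from the patent: the analysis system sees only the items the end user has released, using the paragraph's own cases (movie counts per period but not titles, ZIP code but not name and address). The item vocabulary, the sample records and the decision to refuse outright when a container-required item is withheld are assumptions of this sketch.

```python
from collections import Counter

# Constructed usage records for one end user; every value is illustrative.
RECORDS = [
    {"period": "2024-05", "kind": "movie", "title": "Example Film 1"},
    {"period": "2024-05", "kind": "movie", "title": "Example Film 2"},
    {"period": "2024-06", "kind": "movie", "title": "Example Film 1"},
]
PROFILE = {"name": "Example User", "address": "1 Example Street", "zip": "00000"}


def release_for_analysis(records, profile, allowed, required=frozenset()):
    """Return only what the end user's permissions let the analysis system see.

    allowed  -- item names the end user permits (hypothetical vocabulary)
    required -- item names the container's control structure demands
    """
    refused = set(required) - set(allowed)
    if refused:
        # Assumption: a container that requires release is not usable without it.
        raise PermissionError("required items not released: " + ", ".join(sorted(refused)))
    view = {}
    # Default deny: an item appears in the view only if it is named in `allowed`.
    if "movie_count" in allowed:
        counts = Counter(r["period"] for r in records if r["kind"] == "movie")
        view["movie_count"] = dict(sorted(counts.items()))
    if "titles" in allowed:
        view["titles"] = sorted({r["title"] for r in records})
    for item in ("zip", "name", "address"):
        if item in allowed:
            view[item] = profile[item]
    return view
```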

Detailed Description Text (1398): 

In this case, a VDE container may be associated with an OLE "link." Accesses
(including reading content from, and writing content to) to a VDE protected 
container may be passed from an OLE aware application to a VDE aware OLE 
application that accesses protected content in conjunction with control information 
associated with such content. 

Detailed Description Text (1415) : 

After receiving enabling distribution control information from creator A, 
distributor A may manipulate an application program to specify some or all of the 
particulars of usage control information for users and/or user/distributors enabled 
by distributor A (as allowed, or not prevented, by senior control information).
Distributor A may, for example, determine that a price of $15 per month per user 
would meet distributor A's business objectives with respect to payments from users 
for creator A's container. Distributor A must specify usage control information
that fulfills the requirements of the distribution control information given to
distributor A by creator A. For example, distributor A may include any required 
expiration dates and/or time-aged encryption keys in the specification of control 
information in accordance with creator A's requirements. If distributor A failed to 
include such information (or to meet other requirements) in their specification of 
control information, the control method(s) referenced in creator A's permissions
record and securely invoked within a PPE 650 to actually create this control 
information would, in this example, fail to execute in the desired way (e.g. based 
on checks of proposed values in certain fields, a requirement that certain methods 
be included in permissions, etc.) until acceptable information were included in 
distributor A's control information specification. 

Detailed Description Text (1416):

In this example, user A may have established an account with distributor A such 
that user A may receive VDE managed content usage control information from 
distributor A. User A may receive content usage control information from 
distributor A to access and use creator A's content. Since the usage control 
information has passed through (and been added to, and/or modified by) a chain of 
handling including distributor A, the usage control information requested from 
distributor A to make use of creator A's content will, in this example, reflect a 
composite of control information from creator A and distributor A. For example, 
creator A may have established a meter method that will generate an audit record if 
a user accesses creator A's VDE controlled content container if the user has not
previously accessed the container within the same calendar month (e.g. by storing 
the date of the user's last access in a UDE associated with an open container event 
referenced in a method core of such a meter method and comparing such a date upon 
subsequent access to determine if such access has occurred within the same calendar 
month). Distributor A may make use of such a meter method in a control method (e.g.
also created and/or provided by creator A, or created and/or provided by 
distributor A) associated with opening creator A's container that invokes one or 
more billing and/or budget methods created, modified, referenced in one or more 
permissions records and/or parameterized by distributor A to reflect a charge for 
monthly usage as described above. If distributor A has specified usage and/or 
redistribution control information within the boundaries permitted by creator A's 
senior control information, a new set of control information (shown as D.sub.A 
(C.sub.A) in FIG. 80) may be associated with creator A's VDE content container when 
control information associated with that container by distributor A are delivered 
to users and/or user/distributors (user A, user B, and user/distributor A in this
example).
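The two steps of paragraphs 1415 and 1416 as one added example, not code from the patent: distributor A's proposed specification is rejected until it satisfies creator A's senior control information, and the resulting control information then drives a meter that fires on the first open in each calendar month and bills the $15 monthly fee. Field names, method names, the expiration bound and the rejection of a date earlier than the last recorded access are assumptions of this sketch.

```python
from dataclasses import dataclass, field
from datetime import date
from decimal import Decimal

# Stand-in for creator A's senior control information. Field and method names
# are assumptions made for this example; the bound is a constructed value.
SENIOR = {
    "required_fields": ("expiration_date", "time_aged_key_id"),
    "required_methods": ("meter_first_open_in_month",),
    "latest_expiration": date(2025, 12, 31),
}


def check_spec(spec: dict, senior: dict = SENIOR) -> list:
    """Return why a distributor's proposed specification is rejected ([] = accepted)."""
    problems = [f"missing field: {f}" for f in senior["required_fields"]
                if spec.get(f) in (None, "")]
    problems += [f"missing method: {m}" for m in senior["required_methods"]
                 if m not in spec.get("methods", ())]
    exp = spec.get("expiration_date")
    if exp is not None and (not isinstance(exp, date) or exp > senior["latest_expiration"]):
        problems.append("expiration_date exceeds senior limit")
    fee = spec.get("monthly_fee")
    if not isinstance(fee, Decimal) or fee < 0:
        problems.append("monthly_fee must be a non-negative Decimal")
    return problems


def build_control_info(spec: dict) -> dict:
    """Create D_A(C_A) only when the specification satisfies the senior controls."""
    problems = check_spec(spec)
    if problems:
        raise ValueError("; ".join(problems))
    return dict(spec)


@dataclass
class UserState:
    last_open: dict = field(default_factory=dict)   # UDE: container id -> last access date
    audit: list = field(default_factory=list)
    charges: list = field(default_factory=list)


def open_container(control: dict, state: UserState, user: str,
                   container: str, today: date) -> bool:
    """Handle an open event; return True when the meter fired and a charge was made."""
    if today > control["expiration_date"]:
        raise PermissionError("control information has expired")
    last = state.last_open.get(container)
    if last is not None and today < last:
        # The month comparison is only as good as the clock it is given.
        raise PermissionError("date precedes last recorded access")
    state.last_open[container] = today
    # Compare year and month together so January of two different years differs.
    if last is not None and (last.year, last.month) == (today.year, today.month):
        return False                      # already metered this calendar month
    state.audit.append({"user": user, "container": container,
                        "month": today.strftime("%Y-%m")})
    state.charges.append({"user": user, "amount": control["monthly_fee"]})
    return True
```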

Detailed Description Text (1417) : 

In this example, user A may receive control information related to creator A's VDE 
content container from distributor A. This control information may represent an 
extended agreement between user A and distributor A (e.g. regarding fees associated 
with use of content, limited redistribution rights, etc.) and distributor A and 
creator A (e.g. regarding the character, extent, handling, reporting, and/or other
aspects of the use and/or creation of VDE controlled content usage information 
and/or content control information received, for example, by distributor A from 
creator A, or vice versa, or in other VDE content usage information handling). Such
an extended agreement is enforced by processes operating within a secure subsystem 
of each participant's VDE installation. The portion of such an extended agreement 
representing control information of creator A as modified by distributor A in this 
example is represented by D.sub.A (C.sub.A), including, for example, (a) control 
structures (e.g. one or more component assemblies, one or more permissions records, 
etc.), (b) the recording of usage information generated in the course of using 
creator A's content in conformance with requirements stated in such control 
information, (c) making payments (including automatic electronic credit and/or 
currency payments "executed" in response to such usage) as a consequence of such
usage (wherein such consequences may also include electronically, securely and 
automatically receiving a bill delivered through use of VDE, wherein such a bill is 
derived from said usage), (d) other actions by user A and/or a VDE secure subsystem 
at user A's VDE installation that are a consequence of such usage and/or such 
control information. 

Detailed Description Text (1420) : 

User/distributor A may, for example, both use creator A's content as a user and act 
as a redistributor of control information. In this example, control information 
D.sub.A (C.sub.A) both enables and limits these two activities. To the extent 
permitted by D.sub.A (C.sub.A), user/distributor A may create their own control 
information based on D.sub.A (C.sub.A) — UD.sub.A (D.sub.A (C.sub.A)) — that controls 
both user/distributor A's usage (in a manner similar to that described above in 
connection with user A and user B), and control information redistributed by
user/distributor A (in a manner similar to that described above in connection with 
distributor A). For example, if user/distributor A redistributes UD.sub.A (D.sub.A 
(C.sub.A)) to user/distributor B, user/distributor B may be required to report 
certain usage information to user/distributor A that was not required by either 
creator A or distributor A. Alternatively or in addition, user/distributor B may,
for example, agree to pay user/distributor A a fee to use creator A's content based
on the number of minutes user/distributor B uses creator A's content (rather than
the monthly fee charged to user/distributor A by distributor A for user/distributor
B's usage).






Detailed Description Text (1422): 

As indicated in FIG. 79, user B may employ content from both user/distributor B and 
distributor A (amongst others). In this example, as illustrated in FIG. 80, user B
may receive control information associated with creator A's content from 
distributor A and/or user/distributor B. In either case, user B may be able to 
establish their own control information on D.sub.A (C.sub.A) and/or UD.sub.B 
(UD.sub.A (D.sub.A (C.sub.A))), respectively (if allowed by such control
information). The resulting set(s) of control information, U.sub.B (D.sub.A
(C.sub.A)) and/or U.sub.B (UD.sub.B (UD.sub.A (D.sub.A (C.sub.A)))) respectively, 
may represent different control scenarios, each of which may have benefits for user 
B. As described in connection with an earlier example, user B may have received 
control information from user/distributor B along a chain of handling including 
user/distributor A that bases fees on the number of minutes that user B makes use 
of creator A's content (and requiring user/distributor A to pay fees of $15 per 
month per user to distributor A regardless of the amount of usage by user B in a 
calendar month). This may be more favorable under some circumstances than the fees
required by a direct use of control information provided by distributor A, but may 
also have the disadvantage of an exhausted chain of redistribution and, for 
example, further usage information reporting requirements included in UD.sub.B 
(UD.sub.A (D.sub.A (C.sub.A))). If the two sets of control information D.sub.A 
(C.sub.A) and UD.sub.B (UD.sub.A (D.sub.A (C.sub.A))) permit (e.g. do not require 
exclusivity enforced, for example, by using a registration interval in an object 
registry used by a secure subsystem of user B's VDE installation to prevent
deregistration and reregistration of different sets of control information related 
to a certain container (or registration of plural copies of the same content having 
different control information and/or being supplied by different content providers) 
within a particular interval of time as an aspect of an extended agreement for a 
chain of handling and control reflected in D.sub.A (C.sub.A) and/or UD.sub.B 
(UD.sub.A (D.sub.A (C.sub.A)))), user B may have both sets of control information 
registered and may make use of the set that they find preferable under a given 
usage scenario. 

Detailed Description Text (1424):

In this example, distributor A may request control information from creator B that 
enables distributor A to distribute control information to users and/or 
user/distributors that is associated with the VDE container described above in 
connection with creator B. As stated earlier, distributor A has established a 
business model that favors "rental" of access rights to users and user/distributors 
receiving such rights from distributor A. Creator B's distribution control 
information in this example does not force a model including "rental" of rights, 
but rather bases payment amounts on the quantity of content decrypted by a user or 
user/distributor. In this example, distributor A may use VDE to negotiate with 
creator B to include a different usage information recording model allowed by 
creator B. This model may be based on including one or more meter methods in 
control structures associated with creator B's container that will record the 
number of bytes decrypted by end users, but not charge users a fee based on such 
decryptions; rather distributor A proposes, and creator B's control information 
agrees to allow, a "rental" model to charge users, and determines the amount of 
payments to creator B based on information recorded by the bytes decrypted meter 
methods and/or collections of payment from users.

Detailed Description Text (1426):

User A may receive a set of control information D.sub.A (C.sub.B) from distributor 
A. As indicated above in connection with content received from creator A via a 
chain of handling including distributor A, user A may apply their own control 
information to the control information D.sub.A (C.sub.B), to the extent permitted 
by D.sub.A (C.sub.B), to produce a set of control information U.sub.A (D.sub.A 
(C.sub.B)). The set of control information D.sub.A (C.sub.B) may include one or 
more meter methods that record the number of bytes of content from creator B's 
container decrypted by user A (in order to allow correct calculation of amounts 
owed by distributor A to creator B for user A's usage of creator B's content in
accordance with the control information of C.sub.B that requires payment of $0.50 
per kilobyte of decrypted information), and a further meter method associated with 
recording usage such that distributor A may gather sufficient information to 
securely generate billings associated with user A's usage of creator B's content
and based on a "rental" model (e.g. distributor A may, for example, have included a 
meter method that records each calendar month that user A makes use of creator B's 
content, and relates to further control information that charges user A $10 per 
month for each such month during which user A makes use of such content.) 
User/distributor A may receive control information C.sub.B directly from creator B. 
In this case, creator B may use VDE to negotiate with user/distributor A and 
deliver a set of control information C.sub.B that may be the same or differ from 
that described above in connection with the distribution relationship established 
between creator B and distributor A. For example, user/distributor A may receive 
control information C.sub.B that includes a requirement that user/distributor A pay
creator B for content decrypted by user/distributor A (and any participant 
receiving distributed and/or redistributed control information from 
user/distributor A) at the rate of $0.50 per kilobyte. As indicated above, 
user/distributor A also may receive control information associated with creator B's 
VDE content container from distributor A. In this example, user/distributor A may 
have a choice between paying a "rental" fee through a chain of handling passing 
through distributor A, and a fee based on the quantity of decryption through a 
chain of handling direct to creator B. In this case, user/distributor A may have 
the ability to choose to use either or both of C.sub.B and D.sub.A (C.sub.B). As 
indicated earlier in connection with a chain of handling including creator A and 
distributor A, user/distributor A may apply her own control information to the 
extent permitted by C.sub.B and/or D.sub.A (C.sub.B) to form the sets of control 
information UD.sub.A (C.sub.B) and UD.sub.A (D.sub.A (C.sub.B)), respectively. 
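
The two meter methods described above, applied to one stream of decryption events, as an added example that is not part of the patent text. The class and function names, the sample events and the 1024-byte kilobyte are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime
from decimal import Decimal

# Rates quoted in the passage. The 1024-byte kilobyte is an assumption.
CREATOR_RATE_PER_KB = Decimal("0.50")  # C_B: distributor A owes creator B
RENTAL_PER_MONTH = Decimal("10")       # D_A(C_B): user A owes distributor A
BYTES_PER_KB = 1024

@dataclass
class ByteMeter:
    """Meter required by C_B: total bytes decrypted from creator B's container."""
    total_bytes: int = 0

    def record(self, when: datetime, nbytes: int) -> None:
        self.total_bytes += nbytes

    def owed_to_creator(self) -> Decimal:
        kb = Decimal(self.total_bytes) / BYTES_PER_KB
        return (kb * CREATOR_RATE_PER_KB).quantize(Decimal("0.01"))

@dataclass
class MonthMeter:
    """Meter added by distributor A: calendar months in which any use occurred."""
    months: set = field(default_factory=set)

    def record(self, when: datetime, nbytes: int) -> None:
        self.months.add((when.year, when.month))

    def owed_by_user(self) -> Decimal:
        return RENTAL_PER_MONTH * len(self.months)

def decrypt_event(meters, when: datetime, nbytes: int) -> None:
    """Feed one decryption to every meter, so both bills derive from the same events."""
    if nbytes <= 0:
        raise ValueError("a decryption must cover at least one byte")
    for meter in meters:
        meter.record(when, nbytes)

def settle(events):
    """Return (user A owes distributor A, distributor A owes creator B)."""
    byte_meter, month_meter = ByteMeter(), MonthMeter()
    for when, nbytes in events:
        decrypt_event([byte_meter, month_meter], when, nbytes)
    return month_meter.owed_by_user(), byte_meter.owed_to_creator()

# Constructed sample usage by user A: two decryptions in January, one in March.
SAMPLE_EVENTS = [
    (datetime(2024, 1, 5, 9, 0), 4096),
    (datetime(2024, 1, 20, 14, 30), 2048),
    (datetime(2024, 3, 2, 11, 15), 1024),
]

if __name__ == "__main__":
    print(settle(SAMPLE_EVENTS))
```

Because the rental charge ignores volume while the creator's charge does not, a single month of heavy decryption can leave distributor A owing creator B more than it collects from user A.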

Detailed Description Text (1428):

In this example, creator C produces one or more sets of control information C.sub.C 
associated with a VDE content container created by creator C, as shown in FIG. 82. 
FIG. 82 further shows the VDE participants who may receive enabling control 
information related to creator C's VDE content container. The content in such a 
container is, in this example, organized into a set of text articles. In this 
example control information may include one or more component assemblies that 
describe the articles within such a container (e.g. one or more event methods 
referencing map tables and/or algorithms that describe the extent of each article).
C.sub.C may further include, for example: (a) a requirement that distributors 
ensure that creator C receive $1 per article accessed by users and/or 
user/distributors, which payment allows a user to access such an article for a 
period of no more than six months (e.g. using a map-type meter method that is aged 
once per month, time aged decryption keys, expiration dates associated with 
relevant permissions records, etc.), (b) control information that allows articles 
from creator C's container to be extracted and embedded into another container for 
a one time charge per extract/embed of $10, (c) prohibits extracted/embedded
articles from being reextracted, (d) permits distributors to create enabling 
control information for up to 1000 users or user/distributors per month, (e) 
requires that information regarding the number of users and user/distributors
enabled by a distributor be reported to creator C at least once per week, (f) 
permits distributors to enable users or user/distributors to perform up to one move 
of enabling control information, and (g) permits up to 2 levels of redistribution 
by user/distributors. 
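
A sketch of how clauses (a) through (d) and (g) of C.sub.C could be enforced, as an added example that is not part of the patent text. The types, function names and the reading of "2 levels" as two hops below the distributor's grant are assumptions; clauses (e) and (f) are not modelled.

```python
import calendar
from dataclasses import dataclass, field
from datetime import date
from decimal import Decimal

# Limits taken from clauses (a)-(d) and (g) of C_C as quoted above.
ACCESS_FEE, EXTRACT_FEE = Decimal("1"), Decimal("10")
ACCESS_MONTHS, ENABLE_LIMIT, MAX_LEVELS = 6, 1000, 2

class Denied(Exception):
    """The request exceeds what the senior control information permits."""

@dataclass(frozen=True)
class Grant:                       # hypothetical stand-in for enabling control information
    holder: str
    levels_left: int = MAX_LEVELS  # (g) redistribution hops still allowed below this holder

@dataclass(frozen=True)
class Article:
    name: str
    extracted: bool = False        # True once embedded in another container

@dataclass
class Ledger:                      # what a distributor tracks to satisfy C_C
    enabled: dict = field(default_factory=dict)  # (year, month) -> grants issued
    owed: Decimal = Decimal("0")                 # amount due to creator C

def enable(ledger: Ledger, holder: str, today: date) -> Grant:
    """(d) at most ENABLE_LIMIT users or user/distributors enabled per month."""
    key = (today.year, today.month)
    if ledger.enabled.get(key, 0) >= ENABLE_LIMIT:
        raise Denied("monthly enable limit reached")
    ledger.enabled[key] = ledger.enabled.get(key, 0) + 1
    return Grant(holder)

def redistribute(grant: Grant, new_holder: str) -> Grant:
    """(g) each hop consumes one level; a grant with none left cannot be passed on."""
    if grant.levels_left <= 0:
        raise Denied("redistribution depth exhausted")
    return Grant(new_holder, grant.levels_left - 1)

def expiry(paid_on: date) -> date:
    """(a) end of the six-month window, clamped to the last day of a short month."""
    m = paid_on.month - 1 + ACCESS_MONTHS
    year, month = paid_on.year + m // 12, m % 12 + 1
    return date(year, month, min(paid_on.day, calendar.monthrange(year, month)[1]))

def purchase_access(ledger: Ledger, today: date) -> date:
    """(a) $1 per article accessed; returns the date on which access lapses."""
    ledger.owed += ACCESS_FEE
    return expiry(today)

def may_access(today: date, expires: date) -> bool:
    return today < expires

def extract(ledger: Ledger, article: Article) -> Article:
    """(b) $10 per extract/embed; (c) an extracted article cannot be re-extracted."""
    if article.extracted:
        raise Denied("re-extraction prohibited")
    ledger.owed += EXTRACT_FEE
    return Article(article.name, extracted=True)
```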

Detailed Description Text (1429): 

In this example, distributor B may establish a distribution relationship with 
creator C. Distributor B in this example may have established a business model that 
favors the distribution of control information to users and user/distributors that 
bases payments to distributor B based on the number of accesses performed by such 
VDE participants. In this example, distributor B may create a modified set D.sub.B 
(C.sub.C) of enabling control information for distribution to users and/or
user/distributors. This set D.sub.B (C.sub.C) may, for example, be based on a
negotiation using VDE to establish a fee of $0.10 per access per user for users 
and/or user/distributors who receive control information from distributor B. For 
example, if one or more map-type meter methods have been included in C.sub.C to 
ensure that adequate information may be gathered from users and/or
user/distributors to ensure correct payments to creator C by distributor B based on
C.sub.C, such methods may be preserved in the set D.sub.B (C.sub.C), and one or 
more further meter methods (and any other necessary control structures such as 
billing and/or budget methods) may be included to record each access such that the 
set D.sub.B (C.sub.C) will also ensure that distributor B will receive payments 
based on each access. 

Detailed Description Text (1435):

In this example, distributor C may receive VDE content containers from creator B, 
creator C, and creator D, and associated sets of control information C.sub.B, 
C.sub.C, and C.sub.D. Distributor C may use the embedding control information and 
other control information to produce a new container with two or more VDE objects 
received from creator B, creator C, and creator D. In addition or alternatively, 
distributor C may create enabling control information for distribution to users 
and/or user/distributors (or in the case of C.sub.D, for distributors) for such 
received containers individually. For example, distributor C may create a container 
including content portions (e.g. embedded containers) from creator B, creator C, 
and creator D in which each such portion has control information related to its 
access and use that records, and allows an auditor to gather, sufficient 
information for each such creator to securely and reliably receive payments from 
distributor C based on usage activities related to users and/or user/distributors 
enabled by distributor C. Furthermore, distributor C may negotiate using VDE with 
some or all of such creators to enable a model in which distributor C provides 
overall control information for the entire container based on a "uniform" fee (e.g. 
calculated per month, per access, from a combined model, etc.) charged to users 
and/or user/distributors, while preserving the models of each such creator with 
respect to payments due to them by distributor C based on C.sub.B, C.sub.C, and/or 
C.sub.D, and, for example, resulting from each of their differing models for the 
collection of content usage information and any related (e.g. advertising) 
information.

Detailed Description Text (1442):

FIG. 84 reflects certain aspects of a relatively simple model 3400 of VDE content 
distribution involving several categories of VDE participants. In this instance, 
and for simplicity of reference purposes, various portions of content are 
represented as discrete items in the form of VDE content container objects. One or 
more of such content portions may also be integrated together in a single object 
and may (as may the contents of any VDE content container object if allowed by 
content control information) be extracted in whole or part by a user. In this 
example, publishers of historical/educational multimedia content have created VDE 
content containers through the use of content objects available from three content 
resources: a Video Library 3402 product available to Publishers on optical discs 
and containing video clip VDE objects representing various historical situations, 
an Internet Repository 3404 which stores history information text and picture 
resources in VDE objects which are available for downloading to Publishers and 
other users, and an Audio Library 3406, also available on optical discs, and 
containing various pieces of musical performances and vocal performances (for 
example, historical narrations) which can be used alone or to accompany other 
educational historical materials. 

Detailed Description Text (1444):

In this example, the Video Library 3402 control information allows publishers to 
extract objects from the Video Library product container and content control 
information enabling use of each extracted object during a calendar year if the 
object has a license cost of $50 or less, and is shorter than 45 minutes in
duration, and 20,000 copies of each of any other extracted objects, and further 
requires all video objects to be VDE fingerprinted upon decryption. The Audio 
Library 3404 has established similar controls that match its business model. The 
Internet Repository 3406 VDE containerizes, including encrypts, selected object 
content as it streams out of the Repository in response to an online, user request 
to download an object. The Repository 3406 may fingerprint the identification of 
the receiving VDE installation into its content prior to encryption and 
communication to a publisher, and may further require user identification 
fingerprinting of their content when decrypted by said Publisher or other content 
user.

Detailed Description Text (1445):

The Publishers 3408 in this example have selected, under terms and conditions VDE 
negotiated (or otherwise agreed to) with the providing resources, various content 
pieces which they combine together to form their VDE object container products for 
their teacher customers. Publisher 3408(A) has combined video objects extracted 
from the Video Library 3402 (as indicated by circles), text and image objects 
extracted from the Internet Repository 3404 (indicated by diamonds), and one 
musical piece and one historical narration extracted from the Audio Library 3406 
(as indicated by rectangles). Publisher 3408(B) has extracted a similar array of 
objects to be combined into his product, and has further added graphical elements 
(indicated by a hexagon) created by Publisher 3408(B) to enhance the product. 
Publisher 3408(C) has also created a product by combining objects from the Internet 
Repository 3404 and the Audio Library 3406. In this example, all publisher products 
are delivered, on their respective optical discs, in the form of VDE content 
container objects with embedded objects, to a modern high school for installation 
on the high school's computer network. 

Detailed Description Text (1446):

In this particular example, End-Users 3410 are teachers who use their VDE node's 
secure subsystems to access the VDE installation on their high school server that 
supports the publishers' products (in an alternative example, the high school may
maintain only a server based VDE installation). These teachers license the VDE
products from one or more of the publishers and extract desired objects from the 
VDE product content containers and either download the extracted VDE content in the 
form of VDE content containers for storage on their classroom computers and/or as 
appropriate and/or efficient. The teachers may store extracted content in the form 
of VDE content containers on server mass storage (and/or if desired and available 
to an end-user, and further according to acceptable pricing and/or other terms and 
conditions and/or senior content control information, they may store extracted 
information in "clear" unencrypted form on their nodes' and/or server storage 
means). This allows the teachers to play, and/or otherwise use, the selected
portions of said publishers' products, and as shown in two instances in this
example, add further teacher and/or student created content to said objects.
End-user 3410(2), for example, has selected a video piece 1 received from Publisher A,
who received said object from the Video Library. End-user 3410(3) has also received 
a video piece 3 from the same Publisher 3408(A) wherein said piece was also 
available to her from Publisher 3408(B), but perhaps under not as favorable terms 
and conditions (such as a support consultation telephone line). In addition,
end-user 3410(3) has received an audio historical narration from Publisher 3408(B)
which corresponds to the content of historical reference piece 7. End-user 3410(3) 
has also received a corresponding historical reference piece 7 (a book) from 
publisher 3408(2) who received said book from the Internet Repository 3404. In this 
instance, perhaps publisher 3408(2) charged less for said book because end-user 
3410(3) has also licensed historical reference piece 7 from him, rather than 
publisher 3408(1), who also carried the same book. End-user 3410(3), as a teacher, 
has selected the items she considers most appropriate for her classes and, through 
use of VDE, has been able to flexibly extract such items from resources available 
to her (in this instance, extracting objects from various optical products provided 
by publishers and available on the local high school network server).

Detailed Description Text (1477):

Through use of the present invention, electronic appliances can be "leased" or 
otherwise provided to customers who, rather than purchasing a given appliance for 
unlimited usage, may acquire the appliance (such as a VCR, television, microwave 
oven, etc.) and be charged according to one or more aspects of use. For example, 
the charge for a microwave might be for each time it is used to prepare an item 
and/or for the duration of time used. A telephone jack could be attached, either 
consistently or periodically, to an inexpensive modem operatively attached or 
within the microwave (the modem might alternatively be located at a location which 
services a plurality of items and/or functions — such as burglar alarm, light and/or 
heat control). Alternatively, such appliances may make use of a network formed by
the power cables in a building to transmit and receive signals. 

Detailed Description Paragraph Table (12):

Event Type: Successful Events
    Initialization completed successfully.
    User authentication accepted.
    Communications established.
    Channel loads set for specified values.
    Decryption completed.
    Key information updated.
    New budget created or existing budget updated.
    New billing information generated or existing billing updated.
    New meter set up or existing meter updated.
    New PERC created or existing PERC updated.
    New objects registered.
    Administrative objects successfully processed.
    Audit processed successfully.
    All other events.

Event Type: Failed Events
    Initialization failed.
    Authentication failed.
    Communication attempt failed.
    Request to load a channel failed.
    Validation attempt unsuccessful.
    Link to subsidiary item failed correlation tag match.
    Authorization attempt failed.
    Decryption attempt failed.
    Available budget insufficient to complete requested procedure.
    Audit did not occur.
    Administrative object did not process correctly.
    Other failed events.

Other Reference Publication (2):

David Arneke and Donna Cunningham, Document from the Internet: AT&T encryption
system protects information services, (New Release), Jan. 9, 1995, 1 page. 

Other Reference Publication (4):

Theodore Sedgwick Barassi, Document from Internet: The Cybernotary: Public Key 

CLAIMS:

5. The method of claim 4, in which: the first requirement includes a requirement 
that a first payment method be used; the second requirement includes a requirement
that a second payment method be used; the first information identifies a payment
method other than the first payment method; and the second information identifies 
the second payment method. 